com 


Healthcare  anxiety  The  deadline  for  healthcare 

firms  to  be  in  compliance  with  HIPAA  rules  is  causing  IT  angst  PAGE  30. 


Security  sneak  peek  Network  Associates 

GEO  George  Samenuk  gives  product  preview.  PAGE  16. 


Web  services 


pioneers  like 
,  John  StudtlaPii 

CTO  of  Lydian  Trust,  say  Webi  services  •' 
are  like  an  umbrella.  They’re  low-cosfc,  N 
easy  to  use  and  practical,  and  they 
get  the  job  done.  1  ,,«.**-*  AH 


Page  52. 


In  Studdard’s  case,  Web  services  are 
being  used  to  automate  a  car  loan 
processing  system. 


Page  56. 


A  Nemertes  Research  study  shows 
that  companies  are  turning  to  Web 
services  to  reduce  costs,  to  boost 
productivity  and  to  improve 
customer  satisfaction. 


Securing 
WLANs  still  a 
hit  or  miss 
proposition 


Flaws  put 
open  source 
on  hot  seat 


■  BY  TIM  GREENE  AND 
JOHN  COX 

Securing  wireless  LANs  is  a 
growing  challenge  with  no 
easy  solutions. 

The  need  to  spend  time,  money 
and  staff  to 
beef  up 
security  is 
hobbling 
the  technol¬ 
ogy,  even  so 
customers 
still  spent  $1.68  billion  on  wire¬ 
less  gear  in  2002  and  are  expect¬ 
ed  to  spend  $2.72  billion  by  2006, 
according  to  Infonetics  Research. 

The  IEEE  is  expected  to  fix 
wireless  LAN  security  flaws  by 
year-end  with  a  new  standard  to 
See  Wireless,  page  74 


■  BY  JOHN  FONTANA 

The  SendMail  and  Snort  secur¬ 
ity  bugs  exposed  last  week 
brought  front  and  center  the 
unique  challenges  inherent  in 
producing  and  applying  patches 
to  open  source  software. 

The  bottom  line,  experts  say,  is 
that  corporate  users  should  be 
aware  that  open  source  patches 
can  be  produced  quickly  but 
won't  necessarily  come  from  a 
trusted  source.  Also,  it  is  difficult 
to  track  software  that  might  need 
a  patch. 

“With  open  source  you  really 


have  a  double-edged  sword,” says 
Dan  Ingevaldson,the  team  leader 
of  X-Force  Research  and  Devel¬ 
opment  at  Internet  Security  Sys¬ 
tems,  which  discovered  the  Send¬ 
Mail  bug.“It’s  very  open  but  there 
is  no  single  point  of  contact 
where  there  is  a  list  of  enterprise 
customers  using  the  code.” 

That  could  foster  a  disconnect 
between  code  developers  and 
users  not  plugged  into  mailing 
lists. 

The  issue  was  raised  last  week 
with  SendMail,  Inc.,  and  Source- 
Fire,  which  employ  creators  of 
popular  open  source  software 
but  also  sell  commercial  versions 
of  the  code. 

In  the  SendMail  case,  code  cre¬ 
ator  Eric  Allman  was  notified  of 

See  Open  source,  page  76 


■  A  wireless  LAN 
switch  frenzy  is 
stirring  with 
Enterasys,  Nortel 
and  3Com  readying 
offerings.  Page  10. 


■  BY  JIM  DUFFY  AND 
MICHAEL  MARTIN 

Capital  spending  by  North 
American  carriers  this  year  —  ex¬ 


pected  to  be  $30  billion  —  might 
be  only  half  that  of  2001,  but  the 
four  regional  Bell  operating  com¬ 
panies  will  invest  nearly  three- 
quarters  of  those  dollars  on  po¬ 


tentially  lucrative  data  services  to 
replace  eroding  voice  revenue. 

The  Bells’ plans  call  for  building 
nationwide  backbones  and 
points  of  presence  to  enter  a  long¬ 
distance  market  opened  to  them 
as  they  met  demands  of  govern¬ 
ment  regulations.  Services  on  tap 
range  from  IP  VPNs  and  IP  Cen¬ 
trex  to  basic  long-distance. 

“These  buildouts  are  as  much 
defensive  as  offensive,”  says 
Thomas  Nolle,  president  of  con¬ 
sultancy  CIMI.“By  2005  or  2006, 
voice  will  not  be  capable  of  fund¬ 
ing  the  public  network.” 


Verizon,  the  biggest  RBOC,  plans 
to  spend  at  least  twice  as  much  as 
any  other  —  $13  billion  this  year 
(down  roughly  25%  from  the 
$17.5  billion  average  spent  by 
Verizon  in  2000  and  2001). 

Much  of  Verizon’s  spending  is 
going  to  core  and  edge  IP  routers,  | 
a  new  generation  of  ATM  edge 
switches,  and  higher-capacity  and 
data-friendly  optical  gear. 

“  [The  investment  is]  really  now 
just  a  question  of  how  to  meet 
customer  requirements  and  man¬ 
age  a  migration  of  some  of  the 
See  Bells,  page  14 


The  RBQCs  Upgrade 

Who  says  the  Bells  aren’t  spending? 


Document  needs  approval. 


Managing  collaboration  can  be  challenging. 
That’s  why  there’s  Windows  XP  and  Office  XP. 


'.A 


Recognize  any  of  those  issues?  Or,  perhaps,  all  of  them?  We  thought  so. 
Many  of  these  issues  can  be  related  to  your  legacy  desktop  software; 
fortunately,  many  of  them  can  be  addressed  by  features  in  Microsoft® 
Windows®  XP  Professional  and  Office  XP  Professional.  Want  specific 


mm 


examples?  Windows  XP  Professional  offers  built-in  audio  and  video-con¬ 
ferencing  capabilities  that  make  the  whole  experience  easy  and  intuitive 
for  your  end  users.  With  the  Send  for  Review  feature,  Office  XP  Professional 
lets  users  easily  assign  roles  to  everyone  involved  in  the  document  review 


cycle,  while  automatically  providing  the  correct  tools  for  each  reviewer 
and  allowing  changes  to  be  easily  merged  back  into  the  original  document. 
And  finally,  several  new  features  make  deployment  easier  than  ever.  For 
more  ideas  about  managing  your  desktops,  visit  microsoft.com/desktop 


12  storage  platforms 


3  operating  systems 


27  nightly  backup  schedules 
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And  that's  just  one  office.  Monitor  and  manage  all  your  storage 

from  a  single  point  with  BrightStor  Portal. 

You're  burning  the  midnight  oil.  So  is  your  storage  network.  And  the  only  things  growing  faster  than  your  storage  needs 
are  your  storage  problems.  The  solution?  BrightStor™  Portal.  A  breakthrough  in  enterprise-wide  storage  software  that  provides 
a  single  point  of  management.  With  a  flexible  portal  interface  that's  easy  to  use,  BrightStor  Portal  gives  you  a  customized  view 
of  your  entire  storage  environment  so  you  can  respond  to  any  issue,  anytime,  anywhere.  In-depth  access  to  business-critical 
information  24  x  7  will  help  you  simplify  operations,  increase  productivity  and  maximize  cost  efficiency  across  your  enterprise. 
Hey,  with  more  and  more  issues  under  control,  you  may  actually  get  to  go  home.  ca.com/brightstor/portal 


BrightStor  Storage  Solutions 
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Web  services  pioneers  are  beginning  to  use  the  technology  to 
integrate  data  from  disparate  sources  and  to  automate  business 
processes.  This  first  wave  of  Web  service  deployments  is  occur¬ 
ring  primarily  within  a  company,  but  these  IT  execs  can’t  wait  to 
move  onto  automating  transactions  through  Web  services  and  to 
share  data  and  applications  with  other  companies,  Page  49. 


Doug  Falk  was 
expecting  a  crazy 
new  technology  when 
Web  services  first 
came  around. 


Case  Study:  Lydian  Trust  is  using  Web  services  to  automate  its  auto  loan 
process.  CTO  John  Studdard  says  the  company  went  from  processing  60  loans  a 
day  to  600.  Page  52. 


Survey  results:  According  to  a  Nemertes  Research  study,  32%  of  Web 
services  deployments  are  for  internal  application  portals  and  29%  are  for  customer 
service  or  external  application  portals.  Page  56. 
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Small  business  innovation 

Network  World  contributor  Mark  Miller  offers  up  Weblog  comments  on 
the  federal  government's  Small  Business  Innovation  Research  conference 
this  week. 
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Groove  slashes  20%  of  payroll 

■  Groove  Networks  laid  off  20%  of  its  workforce  last  week  and 
also  announced  that  it  had  closed  a  fifth  round  of  financing  worth 
$38  million  from  investors  that  include  Accel  Partners,  Intel 


TheGoodTht  Bad  hi  Ugly 


EMC  and 
Hitachi,  seen 
about  a  year 
ago  slapping  each 
other  with  patent 
infringement  lawsuits, 
last  week  kissed  and  made 
up.  Not  only  did  the  companies 
settle  all  pending  suits  against 
each  other,  but  they  agreed  to 
cross-license  technology  and 
exchange  storage-related  APIs.  > 


Capital  and  Microsoft.  The  company  now  has  raised  more  than 
$155  million  since  its  founding  in  October  1997.  Groove  says  the 
elimination  of  58  positions  represents  the  completion  of  a  restruc¬ 
turing  of  its  sales,  marketing  and  services  organizations. The  com¬ 
pany  says  the  move  reflects  the  Fortune  500  companies’  slow¬ 
down  in  software  spending.  Groove  shipped  its  first  product  in 
April  2001  and  released  Version  2.5  of  Groove  Workspace  this 
month. 

IETF  launches  antispam  effort 

■  Underscoring  growing  concern  over  spam,  the  Internet  Engineering  Task  Force  has 
created  an  Anti-Spam  Research  Group  that  aims  to  put  unsolicited  commercial  e-mail 
in  its  cross  hairs  by  setting  standards  for  spam  detection  and  potential  legislation. The 
antispam  group  will  work  within  the  organization’s  Internet  Research  Task  Force  and 
will  investigate  whether  a  single  architecture  can  be  implemented  that  will  let  e-mail 
receivers  express  their  consent  and,  more  importantly,  lack  of  consent  for  certain  com¬ 
munications.  This  approach  is  because  everyone’s  definition  of  spam  is  different,  the 
group  said,  making  e-mail  a  consent-based  communication. The  antispam  group  wants 
to  develop  an  architecture  with  three  components:  consent  expression,  consent 
enforcement  and  source  tracking. The  ASRG  will  hold  its  first  meeting  March  20  in  San 
Francisco. 

Federal  agencies  join  Liberty  Alliance 

■  The  General  Services  Administration  and  U.S.  Department  of  Defense  last  week 
became  the  latest  members  to  join  the  Liberty  Alliance,  a  group  working  to  create  a 
standards-based  specification  for  federated  user  identity  The  group,  which  now  has  160 
members,  also  added  to  its  membership  rolls  Lockheed  Martin,  the  largest  provider  of 
IT  services,  systems  integration  and  training  to  the  U.S.  gov¬ 
ernment. The  government  is  said  to  be  interested  in  explor¬ 
ing  how  the  Liberty  Alliance  specifications  can  help  gov¬ 
ernment  organizations  authenticate  the  identity  of  users 
that  do  business  with  government  groups  over  the  Internet. 

The  alliance  is  expected  to  announce  Version  2.0  of  its 
specification  this  summer. 


COMPENDIUM 

Having  a  cow 

The  blogosphere  was  a-twitter,  if  not  outright  aghast 
at  the  news  last  week  that  Dr.  Pepper  is  going  to  try 
to  use  free  tchotchkes  to  get  Webloggers  to  post  nice 
things  about  its  new  brand  of  Raging  Cow  “extreme” 
milk.  Naturally,  somebody  quickly  set  up  a 
protest/satire  WeLiog  with  the  same  name  as  the 
drink  to  try  to  get  some  Google  mindshare.  See  it  at 
www.nwfusion.com,  DocFinder:  4654. 


Riches  to  rags.  One-time  highflier  StorageNetworks  last  week 
announced  that  it  “has  engaged  the  services  of  investment  banking  firms  to 
identify  and  assess  all  available  alternatives  to  maximize  shareholder  value." 
That's  business  code  for:  "Someone  buy  us.  Please."  The  storage  software 
and  services  company’s  stock,  which  soared  close  to  $160  in  2000,  was  selling 
for  less  than  $1  last  week.  At  that  price,  finding  a  buyer  seems  feasible. 

Disaster  waiting  to  happen.  Tony  Adams,  a  principal  analyst 
at  Gartner,  on  widespread  IT  unpreparedness  for  disaster  recovery:  "Budget 
constraints  are  forcing  an  average  of  40%  of  respondents  [205  IT  professionals 
were  surveyed]  to  rely  on  a  best  guess  to  determine  potential  risk  rather  than 
obtaining  formal  assessments,  which  would  be  too  costly." 

Gartner:  42%  of  CRM  software  unused 

■  Much  of  the  CRM  software  that  companies  buy  ends  up  unused,  according  to  data 
Gartner  released  last  week. The  research  firm  found  that  42%  of  CRM  software  licenses 
respondents  bought  were  not  deployed.  Despite  tight  expense  controls, companies  have 
been  buying  more  CRM  software  licenses  than  they  can  use,  Gartner  says.  While  that 
might  seem  to  make  sense  in  the  short  term,  in  the  long  term  it  costs  companies  more 
—  a  20%  to  30%  increase  in  total  cost  of  ownership,  compared  with  companies  that 
carefully  plan  their  CRM  software  license  purchases,  Gartner  says. 

Stanford  team  redefines  broadband 

■  A  team  of  scientists  at  the  Stanford  Linear  Accelerator  Center  says  it  has  set  an 
Internet  speed  record  using  fiber-optic  cables  to  send  6.7G  bytes  of  data  —  the  equiva¬ 
lent  of  two  DVD  movies  —  across  6,800  miles  in  only  58  seconds.The  transfer  of  uncom¬ 
pressed  data  occurred  at  923M  bit/sec  from  Sunnyvale, Calif., to  Amsterdam.That’s  about 
3,500  times  faster  than  a  typical  Internet  broadband  connection.  “By  exploring  the 
edges  of  Internet  technologies’  performance  envelope,  we  are  improving  our . . .  ability 
to  implement  new  networking  technologies,”  researcher  Les  Cottrell  told  CNN.  The 
experiment  could  “bring  high-speed  data  transfer  to  practical,  everyday  applications, 
such  as  doctors  at  multiple  sites  sharing  and  discussing  a  patient’s  [heart  test  results]  to 
diagnose  and  plan  treatment,”  Cottrell  says. 

Hacker  hits  University  of  Texas 

■  An  Internet-based  attack  on  computer  systems  at  the  University  of  Texas  at  Austin 
yielded  personal  information  on  more  than  55,000  individuals,  including  current  and 
former  students, current  and  former  faculty, staff  and  job  applicants,  according  to  a  state¬ 
ment  posted  on  the  university’s  Web  site.  The  attacker  or  attackers  apparently  used  a 
“blunt  force"  approach  to  cracking  the  system,  writing  a  program  that  input  millions  of 
Social  Security  numbers  to  the  system. Social  Security  numbers  that  matched  records  in 
the  UT  database  were  captured.  In  addition  to  the  victims’  Social  Security  numbers,  the 
attackers  gained  access  to  e-mail  addresses,  titles, phone  numbers  and  university  depart¬ 
ment  addresses.  Academic  and  health  records  were  not  exposed,  the  university  said.The 
university  is  working  with  the  U.S.  Attorney’s  Office  and  the  Secret  Service  to  locate 
those  responsible  for  the  break-in  and  is  working  to  contact  all  those  affected  by  the 
attack. 
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3Com  and  Foundry  have  the  power 

New  powered  LAN  switches  could  help  ease  IP  phone,  wireless  LAN  base  station  deployment 


■  BY  PHIL  HOCHMUTH 

Foundry  Networks  and  3Com 
this  week  will  debut  products  that 
deliver  power  over  Ethernet  to  de¬ 
vices  such  as  wireless  LAN  access 
points  and  IP  phones  —  the  latter 
addressing  a  critical  concern 
among  IP  telephony  skeptics. 

With  their  announcements  at 
the  CeBit  conference  in  Germany, 
the  companies  will  be  offering 
their  first  PbE  products.  Such 
products  are  designed  to  make  it 
easier  to  deploy  IP  phones,  wire¬ 


less  LAN  access  points,  IP  security 
cameras  and  other  devices  by 
delivering  network  connectivity 
and  AC  power  over  a  single  net¬ 
work  cable. 

In  addition  to  its  PoE  gear, 
Foundry  will  announce  a  stack- 
able  Gigabit  switch  for  small  and 
midsize  LAN  cores.  3Com  also  will 
have  new  803. 1  la  gear  on  tap. 

Foundry  will  debut  two  switches 
for  powering  IP  devices  over  LAN 
cabling  as  well  as  new  fixed-con¬ 
figured  boxes  for  building  modu¬ 
lar  Gigabit  backbones. 


Foundry's  Fastlron  Edge  Switch 
2402  can  deliver  power  over 
Ethernet  on  all  24  of  its  10/100M 
bit/sec  ports. 

Foundry  will  announce  two 
Fastlron  Edge  FbE  wiring  closet 
switches  that  could  be  used  to 
deliver  power  and  LAN  connec¬ 
tivity  to  devices  compliant  with 
the  802.3af  (PoE)  standard. 


The  Fastlron  Edge  Switch  2402 
PoE  includes  24  powered 
10/100M  bit/sec  ports,  two  un¬ 
powered  10/1 00/ 1 000M  bit/sec 
copper  ports  and  mini-Gigabit  In¬ 
terface  Converter  slots  for  fiber 
uplinks.The  Fastlron  Edge  4802  is 
a  48-port  version  of  the  switch, 
with  twice  as  many  powered  LAN 
ports  as  the  2402,  and  the  same 
number  of  copper  and  fiber  up¬ 
link  ports  and  slots.  The  24-  and 
48-port  switches  will  cost  $4,500 
and  $7,500,  respectively  and 
come  as  Layer  2  devices,  but  can 


IBM  unveils  ‘self-healing'  tools 


■  BY  ANN  BEDNARZ 

ARMONK,  N.Y  —  IBM  moved  closer  to 
achieving  its  vision  of  self-healing,  self-con¬ 
figuring  systems  last  week  with  the  unveiling 
of  three  autonomic  computing  software 
modules. 

The  modules  are  designed  to  predict  and 
respond  to  sudden  increases  in  data  center 
workloads.  The  Adaptive  Forecasting  module 
uses  mathematical  models  to  anticipate  the 
progression  of  an  unexpected  surge  in  de¬ 
mand.  The  Online  Capacity  Plan¬ 
ning  module  estimates  the  re¬ 
sources  required  to  maintain  ser¬ 
vice-level  targets  during  peaks 
and  allows  a  hot  swap  of  re¬ 
sources  from  one  workload  to 
another.  The  Rapid  Reconfigur¬ 
ation  piece  uses  new  capabilities 
in  WebSphere  Application  Server 
5.0  to  add  and  remove  nodes  as 
resource  demands  fluctuate. 

While  IBM  has  announced 
dynamic  provisioning  tools  in 
the  past,  what  makes  this  soft¬ 
ware  different  is  its  forecasting 
abilities,  says  Aian  Ganek,  vice  president  of 
autonomic  computing.  The  software  will 
start  to  deploy  equipment  ahead  of  data 
center  requirements. 

“Obviously,  you  can’t  tell  in  advance  when  a 
surge  is  going  to  happen,”  Ganek  says.  “But 
when  the  workload  starts  to  come  in,  we  can 
gauge  a  signature  of  what  it  looks  like.  And 
using  modeling  and  probabilistic  methods, we 
can  get  a  sense  of  its  trajectory 

IBM  has  existing  forecasting  tools  that  can 
prepare  for  predictable  spikes,  such  as  sea¬ 
sonal  traffic  bursts.  But  dealing  with  the 
unexpected  requires  something  more 
sophisticated,  says  Joe  Hellerstein,  manager 
of  the  adaptive  systems  department  at  IBM’s 
Thomas  J.  Watson  Research  Center. 

When  workloads  deviate  significantly  from 
what  is  expected,  IBM’s  new  adaptive  fore¬ 


caster  kicks  in  and  starts  tracking  how  things 
are  changing.  This  short-term  forecaster 
allows  the  system  to  get  ahead  of  the  surge, 
see  that  more  server  power  will  be  needed 
in  another  minute,  for  example,  and  make 
requests  before  service  levels  degrade, 
Hellerstein  says. Similarly, as  the  surge  begins 
to  dissipate,  the  tools  can  release  resources 
earlier  to  conserve  costs,  he  says. 

Jeff  Wenger,  vice  president  and  CTO  at  Tax 
Technologies  in  Haworth,  N.J., says  his  compa¬ 
ny  does  its  own  forecasting  but  would  wel¬ 


come  any  tools  that  could  help  better  predict 
shifting  workloads  as  its  business  increases. 

“Last  year  we  ended  up  using  less  than  10% 
of  our  available  horsepower,”  Wenger  says.“If 
we  were  more  comfortable  with  our  fore¬ 
casting,  we  wouldn’t  have  to  overprovision 
as  much.” 

IBM  Global  Services  hosts  Tax  Technolo¬ 
gies’  Web-based  tax  and  financial  reporting 
software.  The  idea  of  some  day  shifting  to 
pay-as-you-go  service  model,  with  capacity 
managed  by  IBM’s  autonomic  technologies, 
is  appealing  to  Tax  Technologies,  which 
experiences  its  biggest  volumes  during  the 
first  two  weeks  of  September. 

“In  our  industry  we  could  require  10  times 
the  horsepower  for  two  weeks  out  of  the  year,” 
Wenger  says. “If  we  didn’t  have  to  acquire  10 
times  the  equipment  and  pay  for  it  the  whole 


year,  that  would  be  a  good  thing." 

The  three  new  tools  are  not  available  as 
packaged  software  products,  but  IBM  Global 
Services  will  add  the  new  technologies  to  its 
services.  On  the  product  front,  IBM  is  “actively 
working  to  inject  this  technology  into  a  variety 
of  our  offerings,”  Ganek  says. 

IBM  has  publicly  pursued  autonomic  com¬ 
puting  since  announcing  its  eLiza  initiative  in 
2001;  it  formed  a  dedicated  autonomic  com¬ 
puting  division  headed  by  Ganek  in  October. 

As  IT  systems  become  more  complex,  auto¬ 
nomic  capabilities  can  absorb 
some  of  the  management  bur¬ 
den  and  free  up  IT  staff  to  focus 
on  other  tasks,  Ganek  says. 
Autonomic  technology  will  yield 
more  effective  resource  utiliza¬ 
tion  and  increase  reliability, 
he  says. 

“Today  about  40%  of  major  sys¬ 
tem  outages  are  due  to  operator 
error,”  Ganek  says.“Automating  sys¬ 
tem  configuration  changes  is  a 
good  way  to  avoid  those  kinds  of 
problems.” 

Analysts  have  debated  whether 
companies  are  ready  for  autonomic  comput¬ 
ing  and  the  relinquishing  of  control  that  goes 
along  with  it.  At  healthcare  services  provider 
Sutter  Health,  network  professionals  are  com¬ 
ing  around  to  the  idea. 

“This  will  be  an  evolution  for  support  per¬ 
sonnel  as  well  as  the  technolog/  says  Mark 
Dynes,  who  manages  the  enterprise  systems 
management  department  at  Sutter  Health  IT 
in  Sacramento,  Calif.  His  company  has  started 
automation  efforts  and  begun  researching  a 
new  autonomic-enabled  version  of  IBM’s 
Tivoli  Monitoring  software. 

“It  is  a  slow  process  for  identifying  items 
that  staff  is  willing  to  release  control  of,” 
Dynes  says. 

IBM  will  demonstrate  its  new  autonomic 
computing  tools  at  this  week’s  CeBIT  show 
in  Germany.  ■ 


IIToday,  about  40%  of 
msuor  system  outages  are 
due  to  operator  error.  9  9 

Alan  Ganek 

Vice  president  of  autonomic 
computina,  IBM 


be  upgraded  to  Layer  3  switching 
for  about  $2,000  extra. 

3Com  also  will  enter  the  FbE 
market  with  its  SuperStack  3 
Switch  4400  PWR,  a  24-port 
10/100M  bit/sec  box  that  can 
deliver  power  to  802.3af  devices. 
The  box  will  be  able  to  power  the 
company’s  NBX  IP  phones  and 
802.11  wireless  LAN  access 
points.  In  the  past,  these  devices 
could  be  powered  with  third- 
party  FbE  equipment  from  ven¬ 
dors  such  as  FbwerDsine.When 
coupled  with  an  uninterruptible 
power  supply,  FbE-enabled 
switches  can  be  used  to  ensure 
that  IP  phones  operate  during  a 
power  outage.  Whereas  this  “dial 
tone  in  the  dark”  capability  has 
been  standard  on  office  phone 
systems  for  years,  the  lack  of  inline 
power  to  IP  phones  has  been  seen 
as  a  hindrance  to  widespread  IP 
telephony  adoption. 

3Com’s  and  Foundry’s  FbE  gear 
will  compete  with  switches  from 
Avaya,  Cisco  and  Nortel,  which 
offer  FbE  LAN  switches  along  with 
IP  phones  and  IP  PBX  products. 

Foundry  also  will  release  a  new 
router  aimed  at  carriers.  The 
Fastlron  Edge  Switch  12GCF  is  a 
fixed-configuration  Layer  3  switch 
that  offers  12  fiber-based  and  cop¬ 
per-based  Gigabit  Ethernet  ports. 
Up  to  12  of  the  ports  can  be  used 
simultaneously,  allowing  users  to 
turn  on  a  mix  of  fiber  and  copper 
links.  The  switch  will  cost  $8,000 
for  a  base  Layer  3  configuration, 
which  includes  hardware-based 
routing.  A  $2,000  upgrade  will 
allow  for  full  Layer  3  capabilities 
with  routing  protocols  that  can 
provide  redundancy  and  faster 
performance,  including  Virtual 
Router  Redundancy  Protocol 
(VRRP),  Routing  Information  Pro¬ 
tocol  (RIP)  and  Open  Shortest 
Fbth  First  (OSPF7). 

Aimed  at  carrier  and  hosting 
provider  data  centers,  Foundry’s 
Netlron  4802  is  a  48-port  full  Layer 
3  routing  switch,  with  support  for 
protocols  such  as  VRRP  RIP  and 
OSPF  as  well  as  hardware-based 
Layer  3  packet  forwarding.  The 
box  will  cost  $15,000  with  a  full 
Layer  2  and  Layer  3  feature  set. 

Pricing  and  availability  have  not 
been  set  for  3Com’s  new  FbE  offer¬ 
ing.  Foundry’s  FbE  gear  is  sched¬ 
uled  to  be  available  in  June,  while 
the  Fastlron  Edge  Switch  12GCF 
and  Netlron  4802  router  are  slated 
to  ship  next  month.  ■ 


ARE  THE  SEVEN  DEADLY  INTERNET  SINS 
IMPACTING  YOUR  INFORMATION  SYSTEMS? 

Don  t  let  Internet  temptations 

► 

turn  into  corporate  liability. 

n\J  r<u  r<L» 

m  «  m 

The  allure  of  the  Internet  is  at  an  all-time  high. 

Whether  it’s  adult  entertainment,  gambling  or  hacking 
sites,  your  company  can’t  afford  to  ignore  the  risk. 

Limit  the  liability  threat  of  Internet  misuse  by  managing 
employee  Internet  access  with  Websense  Enterprise 
software.  Websense’s  superior  site  database,  flexible 
filtering  options,  and  comprehensive  reporting  and 
analysis  have  made  it  the  preferred  employee  Internet 
management  software  for  more  than  half  of  the 
Fortune  500.  And  with  its  easy  installation  and  seamless 
integration  with  the  leading  firewalls,  proxy  servers, 
network  switches  and  caching  appliances,  it’s  sure  to  be 
your  choice  for  eliminating  the  most  tempting  of  the 
seven  deadly  Internet  sins.  Just  take  a  peek  for  yourself. 
Visit  www.websense.com  today  for  more  information 
and  to  download  a  free,  30-day  trial. 
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Bigger  players  eye  WLAN  switch  arena 

Enterasys,  Nortel,  3Com  set  to  deliver  wireless  LAN  switches. 


■  BY  PHIL  HOCHMUTH  AND 
JOHN  COX 

Some  of  the  biggest  names  in 
wireline  switching  are  readying 
products  designed  to  incorporate 
wireless  LANs  more  fully  and 
securely  into  enterprise  networks. 

Those  plotting  announcements 
include: 

•  Enterasys  Networks,  which  is 
expected  to  unveil  in  a  few  weeks 
a  switching  architecture  that  uses 
specialized  chips  to  control  pack¬ 
ets  from  or  to  a  wireless  LAN. 

•  Nortel,  which  according  to 
one  source  familiar  with  the  com¬ 
pany’s  plans,  will  introduce  an 
“appliance”  that  sits  behind  a 
group  of  access  points  to  secure 
and  manage  them,  along  with  a 
wireless  access  point,  Nortel 
declined  to  comment,  other  than 
confirming  it  will  make  a  wireless 
LAN  announcement  at  the  CTIA 
Wireless  2003  show. 

•  3Com  plans  this  week  to 
unveil  at  the  CeBIT  show  in 


Germany  details  of  its  first  54M 
bit/sec  802.11a  wireless  access 
point.  3Com  won’t  say  whether  it 
has  any  sort  of  switched  architec¬ 
ture  in  the  works. 

•  Cisco,  a  leader  in  the  wireless 
LAN  access  point  market,  de¬ 
clines  to  say  whether  it  has  a  wire¬ 
less  switch  in  the  works. 

Discussion  of  tying  wireless 
LANs  into  traditional  wired  net¬ 
works  largely  has  been  the 
domain  of  a  handful  of  start-ups, 
such  as  Aruba  Networks  and  Trap¬ 
eze  Networks,  plus  wireless  veter¬ 
ans  such  as  Proxim  and  Symbol 
Technologies.  So  far,  there’s  been 
more  talk  than  product. 

Still,  the  start-ups  are  at  least 
talking  a  good  game, according  to 
Enterasys  CTO  John  Roese. 

“  [They]  have  it  right,  in  promot¬ 
ing  cooperation  between  the 
switching  system,  which  is  a  more 
robust  control  point,  and  the 
access  point,  which  is  very  much 
a  price-driven  product,”  Roese 
says.  “They’re  making  access 


New  names 

Start-ups  such  as 
Airespace,  Airflow, 
Aruba,  Trapeze  and 
Vivato  have  generated 
most  of  the  noise  so  far 
around  the  emerging 
product  category  of 
wireless  LAN  switches. 
Venture  capitalists  have 
poured  a  total  of  $74 
million  into  these  five 
companies  alone. 


points  more  of  a  dumb  antenna 
[and  radio], and  the  switch  more 
of  the  brain. That  is  a  good  thing.” 

In  most  cases,  these  wireless 
brain  functions  are  being  written 
in  software  and  loaded  onto  a 
standard  or  custom-built  Ethernet 
switch.  But  Enterasys  is  loading 
these  functions  into  ASIC  or  spe¬ 


cialized  chips. 

“Everything  [wireless  LAN 
switch  vendors]  can  do,  can  be 
done  better  in  a  switch  and 
access  point  rather  than  in  one 
very  narrowly  focused  [wireless] 
appliance,”  Roese  says. 

Enterasys  offers  a  range  of 
wireless  LAN  products  along 
with  its  wired  switches.“Our  cur¬ 
rent  switch  and  access  point 
architecture  works  well  togeth¬ 
er]’  Roese  says.“But  what  we’ll  be 
adding  are  single-user  and  multi¬ 
user  authentication,  as  well  as 
IEEE  802.  IX  [a  port-based 
authentication  standard].” 

Roese  says  the  new  ASICs  will 
let  companies  with  Enterasys 
switches  create  and  apply  per¬ 
user  and  per-port  access  and  ser¬ 
vice  policies  across  the  wireless 
LAN.  “Instead  of  having  a  single 
[data]  rate  limit  per  access 
point, you  could  have  individual 
rate  limits  per  application  or  per 
user  attached  to  that  access 
See  Switch,  page  74 


Directory  projects  worth  the  pain 

Survey  of  large  users  says  systems  provide  ID  management,  security  platform. 


Lessons  learned 

A  recent  Burton  Group  survey  of  large  corporate  users 
who  successfully  had  completed  a  directory  project 
highlighted  a  number  of  lessons  the  companies  learned. 


•  The  most  difficult  issues  will  be  political  in  nature. 

•  Many  data  owners  resist  allowing  data  to  be  stored  in  the 
directory;  multiple  parties  may  declare  ownership  of  an  attribute; 
or  no  owner  will  accept  responsibility  for  an  attribute. 

•  Data  quality  before  the  implementation  is  probably  worse  than 
anticipated. 

•  Virtual  project  teams  can  virtually  disappear  when  priorities 
change  in  other  organizations  and  business  units. 

•  Targeting  the  easy  wins  or  "low-hanging  fruit"  demonstrates 
success  early  in  a  project. 


■  BY  JOHN  FONTANA 

Corporate  directory  projects  eas¬ 
ily  can  top  $4  million  and  are  rife 
with  peril,  but  companies  that  suc¬ 
cessfully  deploy  the  technology 
can  unify  user  identities  and  build 
new  security  services,  according 
to  a  new  report. 

Creating,  maintaining  and  using 
digital  identities,  known  as  identity 
management,  is  such  a  critical  is¬ 
sue  that  it  is  sparking  conversa¬ 
tions  right  up  to  the  highest  levels 
in  organizations, says  Gerry  Gebel, 
an  analyst  with  Burton  Group  and 
author  of  the  report,  titled  “Direct¬ 
ory  Strategy  Survey:  Organizations 
Share  Their  Real-Life  Experiences.” 

“To  begin  building  federated  identity  ser¬ 
vices,  single  sign-on,  and  attribute  sharing 
between  partners  and  different  security 
domains,  you  need  to  get  a  directory  estab¬ 
lished  that  is  an  authoritative  source  of  data,” 
Gebel  says. 

But  that's  not  easy.  The  survey  which  details 
the  trials  and  tribulations  of  nearly  a  dozen 
directory  projects  at  large,  unnamed  global 
companies,  found  that  the  average  directory 
project  cost  between  $2  million  and  $4  mil¬ 
lion  last  year. Those  figures  included  software, 
hardware,  staffing  and  professional  services. 
The  projects  lasted  from  12  to  18  months. 


And  that  may  be  the  easy  part.  Like  any  large 
project,  building  a  directory  requires  approval 
across  an  organization. The  survey  found  that 
successful  directory  projects  began  with 
building  a  strong  business  case,  lining  up  sup¬ 
porters  within  the  organization  and  establish¬ 
ing  a  directory  governance  model  that  stays  in 
place  from  implementation  through  opera¬ 
tion  of  the  directory.  Also  important  was  devel¬ 
oping  a  set  of  guiding  principles  and  detailed 
documentation. 

“With  the  directory,  we  find  a  lot  of  people 
don’t  get  it,"  says  Gebel,  who  wanted  to  show 
what  others  have  done  to  create  awareness  of 
how  successful  directory  projects  are  run. 


The  survey  participants  built 
directory  services  that  provide  a 
central  user  identification 
repository  that  integrates  with 
applications  and  serves  as  a 
platform  for  general-purpose 
security  services,  such  as 
authentication  and  authoriza¬ 
tion.  Most  had  implemented 
metadirectory  services  to  link 
multitiered  directories. 

From  there,  most  users  planned 
to  add  features  such  as  self-service 
capabilities,  provisioning  and 
password  synchronization. 

But  getting  to  that  point  presents 
many  challenges. 

“Who  owns  data  and  who  is 
responsible  for  data  can  become  a  nasty  busi¬ 
ness  to  sort  out,”  says  Gebel,  adding  that  creat¬ 
ing  a  business  case  and  documenting  ROI  are 
other  challenges. 

“You  can  build  the  business  case  on  identity 
management  but  that  doesn’t  make  your  pro¬ 
ject  a  fait  accompli,”  he  says. 

The  survey  found  that  most  projects  bene¬ 
fited  from  governance  teams  that  developed 
standards,  content  rules  and  data  usage 
guidelines. 

“A  directory  gives  you  a  foundation  and  the 
ability  to  move  quickly  as  your  business 
changes,”  Gebel  says.  “But  it’s  not  about  the 
directory.it  is  about  managing  data.”B 
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The  new  HP  ProLiant  DL760 
G2  8-way  with  hot- plug 
RAID  memory. 

•  Up  to  eight  Intel®  Xeon™  MP 

1.5  GHz  or  2.0  GHz  processors 

•  Up  to  64GB  addressable  memory 

•  Groundbreaking  F8  chipset 

•  10-64  bit/100  MHz  PCI-X, 

1-64  bit  33  MHz  slots 

•  Remote  Insight  Lights-Out  Edition  II 
(optional)  for  Remote  Server  Mgmt. 


The  new  HP  ProLiant  DL740 
8-way  with  hot- plug 
RAID  memory. 

•  Ultradense  4u  modular  chassis 
with  up  to  eight  Intel®  Xeon™  MP 
1.5  GHz  or  2.0  GHz  processors 

■  Up  to  64GB  addressable  memory 

•  Groundbreaking  F8  chipset 

•  6-64  bit/100  MHz  PCI-X  slots 

•  Integrated  Lights-Out  Standard 
(iLO)  for  Remote  Server  Mgmt. 


What  challenges  do  you  face  today?  Decreasing  budgets?  The 
lurking  possibility  of  downtime?  It's  hard  enough  to  focus  on 
moving  your  business  forward  when  you're  constantly  looking 
over  your  shoulder  to  see  if  everything  is  up  and  running. 

Besides,  that's  the  job  of  the  new  HP  ProLiant  DL700  series 
running  Intel®  Xeon™  MP  processors.  An  adaptive  infrastructure 
begins  with  these  HP  ProLiant  servers  which  come  equipped 
with  tools  that  predict,  self-diagnose  and  fix  many  fault 
conditions.  And  now  with  hot-plug  RAID  memory  exclusively 
from  HR  you  can  add  or  replace  DIMMs  without  turning 
your  systems  off.  Both  work  with  the  HP  ProLiant  Essentials 
Foundation  Pack  featuring  Insight  Manager  7 software  which 
monitors  and  controls  your  infrastructure  for  maximum  uptime. 

At  the  end  of  the  day,  you'll  have  more  control  over  your 
infrastructure,  help  avoid  unplanned  downtime  and  reduce 
overall  maintenance  costs.  Not  to  mention  freeing  yourself 
up  for  more  important  things. 

To  learn  how  HP  ProLiant  servers  can  be  a 
part  of  maximizing  your  company's  uptime, 
download  CMP's  executive  brief  on  high  availability 
at  www.hp.com/go/proliant92  or  call 
1-800-282-6672,  option  5,  and  mention  code  YPQ. 


©  2003  Hewlett-Packard  Company.  Intel  and  the  Intel  Xeon  Logo  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries. 
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Net  execs  hope  to  spend  despite  tight  purse  strings 


a  BY  DENISE  OUBIE 

Talk  about  a  good  news-bad  news  propo¬ 
sition:  corporations  are  planning  to  spend 


money  on  oft-postponed  network  projects 
this  year  but  they’ll  only  spend  a  little  more 
than  they  did  last  year. 

A  recent  study  by  Forrester  Research 


Shorten  backups. 

Keep  information  available  to  users  with  a  StorageTek 
high  performance  library  and  the  new  LTO  Ultrium 
Generation  2  drive.  With  a  capacity  of  200GB  and  a 
blistering  30MB/second  transfer  rate,  you  can  complete 
backups  in  no  time.  And  it's  fully  read/write  compatible 
with  LTO  Ultrium  Generation  1  tape  drives,  so  it 
seamlessly  integrates  with  your  existing  StorageTek 
library.  This  kind  of  capacity,  speed  and  affordability 
make  the  LTO  Generation  2  drive  right  for  any 
demanding  IT  environment.  Like  yours.  For  more 
information,  visit  www.storagetek.com. 


^3  StorageTek * 

Save  the  Day.™ 


reports  overall  IT  spending  will  increase  by 
about  2%,  with  one-third  of  the  877  sur¬ 
veyed  companies  planning  to  spend  more 
in  2003  than  2002.  The  firm  found  that 
while  infrastructure  purchases  took  prece¬ 
dence  in  2002,  disaster  recovery  and  busi¬ 
ness  intelligence  software  applications  will 
top  the  majority  of  companies’  shopping 
lists  this  year  (see  graphic). 

“IT  execs  are  finding  that  they  can  only 
defer  upgrades  for  so  long.  Many  upgrades 
for  2001  were  deferred  into  2002  and  then 
from  2002  to  2003.The  issue  has  caught  up 
with  many  IT  organizations,”  says  Tom  Fbhl- 
mann,  senior  analyst  with  Forrester. 

Users  seem  to  agree  with  the  findings. 

“Regardless  of  the  economy  businesses 
will  eventually  have  to  move  forward  with 
IT  projects  because  it’s  going  to  reach  the 
point  where  they  won’t  have  a  choice  any¬ 
more,”  says  Basil  Blume,  CTO  at  Centennial 
Bank  of  the  West  in  Fort  Collins,  Colo. 

Blume  spent  the  past  two  years  replacing 
desktops  and  servers  for  the  bank.This  year 
he  will  request  many  maintenance  pro¬ 
jects,  each  with  a  small  price  tag  —  less 
than  $10,000.  While  his  IT  budget  is  down 
about  20%  (16%  to  17%  accounts  for  staff) 
from  last  year,  Blume  says  he  can’t  see 
many  companies  holding  off  on  technol¬ 
ogy  investments  for  much  longer. 

“I  came  into  the  organization  two  years 
ago  and  explained, ‘It’s  plumbing. You  have 
to  do  these  upgrades.  Investing  in  IT  is  not 
always  about  ROI’  ”  Blume  says. 

Brian  Jones  agrees.  He  doesn’t  expect  the 
15-year-old  IBM  Rolm  9751  PBX  system  at 
Virginia  Polytechnic  Institute  and  State 
University  in  Blacksburg  to  handle  the  load 
of  e-learning,  video-on-demand  and  voice- 
over-IP  applications.“Our  PBX  is  history;  it’s 
out  of  maintenance.  We  have  to  buy  pieces 
from  old  PBXs  to  keep  it  working,”  says 
Jones,  who  is  manager  of  network  engi¬ 
neering  and  operations  at  the  university 

But  before  it  upgrades  the  phone  system 
Jones  says  Virginia  Tech  will  put  its  IT  bud¬ 
get  dollars  (up  2%  to  3%  from  last  year) 
into  new  edge  devices  to  enable  Gigabit 
Ethernet  to  the  desktop  to  support  those 
bandwidth-hogging  applications. 

Rick  Beebe,  manager  of  systems  and  net¬ 
work  engineering  at  the  Yale  University 
School  of  Medicine  in  New  Haven,  Conn., 
saw  his  2002  budget  drop  10%  and  has  yet 
to  hear  the  final  word  for  potential  spend¬ 
ing  in  2003  (the  school’s  fiscal  year  ends 
June  30).  But  he  says  he  knows  projects 
such  as  a  networkwide  switch  upgrade  will 
take  priority  over  help  desk  and  other  cus¬ 
tomer-facing  applications. 

Also  because  his  network  supports  the 
medical  school,  regulatory  concerns,  such 
as  the  Health  Insurance  Portability  and 
Accountability  Act  (HIPAA),  force  Beebe 
to  stay  on  top  of  security  across  wireless 
LANs.  He  recently  started  investing  in  wire¬ 
less  tracking, sniffing  and  auditing  tools. 

“Access  points  are  too  easy  for  users  to 
install  themselves,  and  they  become  a  gap¬ 
ing  portal  to  the  inside  of  the  network,”  he 


Shopping  lists 

A  sampling  of  IT  spending  plans 
based  on  Forrester  Research’s 
recent  survey  of  nearly  900 
companies. 


Software  most  in  demand 

1.  Disaster  recovery 

2.  Application/portal  servers 

3.  Business  intelligence 

4.  Enterprise  application  integration 

5.  Content  management 


How  much  companies  plan  to  spend  on  hardware 


S100K  to  less 
than  S500K 


SI  million  or  more 


StOOK  to  less 
than  S500K 


81  million  or  more 


Less  than 
S1Q0K 

21% 


S100K  to  less 
than  S500K 


says.“HIPAA  is  going  to  require  us  to  close 
up  those  holes.  Of  course,  it’s  a  good  policy 
anyway  but  HIPAA  is  a  nice,  big  stick.” 

Many  enterprise  network  professionals  in 
2003  won’t  need  much  incentive  to  take  IT 
projects  off  the  back  burner  and  start  mov¬ 
ing  forward  in  their  technology  adoption. 
Yet  the  Forrester  report  also  found  that 
despite  continued  cuts  in  IT  positions  —  a 
separate  study  by  Challenger,  Gray  and 
Christmas  shows  more  than  270,000  tech¬ 
nology  jobs  were  cut  in  January  and 
February  of  this  year  already  —  most  com¬ 
panies  do  not  plan  to  beef  up  staff  to 
implement  much-needed  IT  projects. 

“For  the  most  part,  IT  execs  have  put 
more  dollars  into  the  pent-up  demand  for 
technologies  and  will  expect  their  staff  to 
once  again  do  more  with  less,"  Forrester’s 
Fbhlmann  says.  ■ 


O  2002  Storage  Technology  Corporation,  Louisville.  CO  All  rights  reserved.  $rora< 
and  Save  the  Day  are  either  trademarks  or  registered  trademarks  of  Storao  Teel 


BladeStore 


There  are  plenty  of  ways  to  shorten  backup  windows.  And  StorageTek  is  just  the  company  to  find  the  one  that's  right 
for  you.  Maybe  it's  BladeStore  as  part  of  disk-to-disk  backup,  or  an  L-Series  automated  tape  library  with  the  industry's 
fastest  tape  drive  -  the  T9940B.  Whatever  the  solution,  we  think  you  deserve  a  day  of  rest.  Learn  more  about  this 
story  and  other  ways  we  can  help  you  at  www.savetheday.com  STORAC  ETE  K  Save  the  Day.™ 
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services”  into  the  new  infrastructure,  says  ^  ^ 

Mark  Wegleitner,  senior  vice  president  and  CTO  at  Verizon. 

For  optical  services,  the  carrier  is  utilizing  wavelength 
division  multiplexing  (WDM)  technology  as  a  vehicle  for  a 
variety  of  service  offerings.  WDM  increases  fiber  capacity 
and  provides  faster  service  provisioning  than  SONET,  carri¬ 
ers  say 

Services  Verizon  plans  to  deliver  over  wavelengths 
include  traditional  SONET-based  TDM,  such  as  voice; 
Gigabit  Ethernet  data;  and  storage-area  network  offerings 
based  on  Enterprise  Systems  Connection,  Fibre 
Connection  and  Fibre  Channel,  Wegleitner  says. 

WDM  is  the  transport  mechanism  for  those  services 
under  Verizon’s  recently  announced  Enterprise  Advance 
initiative  (for  further  details  go  to  www.nwfusion.com, 
DocFinder:  4655),  he  says. 

“We’re  seeing  an  emerging  market  requirement  from  en¬ 
terprise  customers  for  wave¬ 
length  capabilities, "Wegleitner 
says.  “What  we’re  doing  with 
Enterprise  Advance  is  going 
upchain  into  managed  ser¬ 
vices  using  wavelength  as  the 
transport.” 

Corporations  are  attracted  to 
wavelength-delivered  services 
because  they  require  less 
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services,”  says  Robert  Primavera,  assistant 
vice  president  at  Eastern  Bank  in  Lynn, 
Mass.  “One  thing  that  I’ve  been  watching 
v-  very  closely  is  what  they’ll  invest  in  state- 
of-the-art  technology  that  we  need  to  converge  our  voice 
and  data  around.” 

Uniform  maker  Unifirst  similarly  has  not  been  privy  to 
any  new  service  rollouts  Verizon  might  have  in  the  pipe¬ 
line.  But  the  Wilmington,  Mass.,  company  has  its  own  RFP 
out  on  the  street  for  a  frame  relay  service  to  interconnect 
its  sites  across  the  country 

Unifirst  wanted  to  evaluate  Verizon  for  that  but  the  carrier 
did  not  respond  to  the  RFP  says  Doug  Hogue, project  man¬ 
ager  for  telecommunications. 

“They  basically  decided  it’s  a  national  network  and  not 
to  bid  on  it,”  Hogue  says.The  reason  we  were  given  is  that 
they  didn’t  feel  they  could  be  competitive.” 

That  could  soon  change.  One  of  the  key  reasons  RBOCs 
are  engaging  in  these  next-generation  buildouts  is  the 
expectation  that  they’ll  be  able  to  offer  national  long-dis- 


Bell  blueprint 


While  the  RBOCs  are  reducing  capital  expenditures  (capex)  this  year,  they  still  intend 
to  spend  billions  of  dollars  on  infrastructure  to  support  new  services. 


Qwest 

•  Estimated  capex:  $2  billion  to  $2.8  billion. 

•  New  gear:  optical  add/drop  muxes, 
multiservice  provisioning  platforms. 

•  Service  sampler:  mixing  of  IP,  ATM  and 
frame  relay  across  sites. 


SBC 

•  Estimated  capex:  $5.5  billion. 

•  New  gear:  edge  and  core  routers, 
Ethernet  switches. 

•  Service  sampler:  IP-enabled  frame 
relay,  metro  transparent  LAN. 


fiber  and  are  provisioned 
more  quickly  than  tradi¬ 
tional  SONET-based  ser¬ 
vices,  observers  say. 

For  IP  services, 

Verizon  has  RFPs  out 
for  core  and  edge 
routers  along  with 
multiservice  switches. 

In  edge  routing,  Verizon 
reportedly  is  spending  up 
to  $300  million  on  next- 
generation  IP  service  routers 
(for  more  on  the  RBOCs’ 

RFPs, see  related  story  at  Doc- 
Finder:  4660). 

The  carrier  plans  to  build 
out  metropolitan  IP  networks 
and  scale  up  the  IP  capabili¬ 
ties  of  its  backbone  to  con¬ 
struct  a  multiservice  infra-  1 _ 

structure  for  end-to-end  pack¬ 
et  services  on  a  national  or  perhaps  even  an  international 
scale. 

This  end-to-end  IP  network  will  support  Verizon’s  current 
DSL  aggregation  and  Internet  access  applications,  as  well 
as  IP  VPNs  for  enterprise  customers,  Wegleitner  says.  Other 
applications, such  as  voice-over-lP  and  triple  play  —  voice, 
video  and  data  —  will  follow. 

Multi-protocol  Label  Switching  (MPLS)  enables  all  of 
this.  It  is  a  required  component  of  virtually  all  products  that 
the  RBOCs  evaluate  for  next-generation  buildouts.  MPLS 
lets  Verizon  tunnel  legacy  but  revenue-rich  Layer  2  access 
services  such  as  frame  relay  and  ATM,  and  a  newer 
Transparent  Ethernet  LAN  offering,  through  an  IP  back¬ 
bone  that  provides  quality  of  service  (QoS),  traffic  engi¬ 
neering  and  reliable  failover,  he  says. 

“MPLS  is  to  be  treated  as  the  target,"  Wegleitner  says. 
“That’H  give  us  the  ability  to  provide  all  the  things  at  Layer 
3  or  at  Layer  2,  and  do  it  all  on  a  common  infrastructure.” 

All  this  activity;  however,  has  escaped  at  least  some 
Verizon  customers. 

"1  have  not  heard  anything  from  them  in  regards  to  [new] 


Verizon 

•  Estimated  capex:  $13  billion 

•  New  gear:  wavelength  division  muxes, 
edge  and  core  routers,  ATM  edge  switches. 

•  Service  sampler:  Gigabit  Ethernet,  IP 
VPNs,  voice  over  IP. 


RBOC  2002  revenue  and 
earnings/loss  (in  billions) 


$43.2 


tion  of  271  relief,  SBC’s  $5.5  billion  budget  this  year  — 
about  half  of  what  it  was  in  2001  —  includes  deployment 
of  core  routers  for  a  national  IP  backbone  to  support  all  its 
data  services,  including  frame,  ATM  and  IP  VPNs  (for  more 
details,  go  to  DocFinder:  4656). 

Many  analysts  say  IP  VPN  tunnels  eventually  could  re¬ 
place  frame  relay  and  ATM  permanent  virtual  circuits.  SBC 
is  deploying  a  new  generation  of  edge  routers  that  might 
anchor  a  new  IP-enabled  frame  relay  service  that  supports 
frame  relay  or  ATM  access  to  a  routed  IP  VPN,  says  Ralph 
Ballart.vice  president  of  broadband  infrastructure  and  ser¬ 
vices  at  SBC’s  Technology  Resources  unit. 

MPLS  makes  this  possible.  SBC’s  edge  routers  support 
RFC  2547,  an  IETF  specification  for  the  construction  of 
MPLS-based  Layer  3  IP  VPNs. 

“We’re  obviously  looking  at  pure  IP  capabilities  that 
would  be  end-to-end  IP,”  Ballart  says.  MPLS  would  enable 
traffic  engineering,  class  of  service  and  voice  over  IP 
(VoIP)  on  the  backbone. 

MPLS  also  plays  a  role  in  SBC’s  optical  trials,  buildouts 
and  impending  service  rollouts.  SBC 
has  a  metropolitan  transparent  LAN 
service  project  under  way  that  will 
use  MPLS  for  scalability  by  alleviating 
the  need  for  Ethernet  switches  to 
know  the  media-access-control 
addresses  of  all  computer  systems 
attached  to  the  transparent  LAN  net¬ 
work,  Ballart  says. 

So  SBC  will  be  invest  in  new  Ether¬ 
net  switches  to  overlay  older  SONET 
systems  that  can’t  be  upgraded  to 
support  Ethernet.The  carrier  will  turn 
up  this  transparent  LAN  service  later 
this  year,  Ballart  says. 


$67.6 


$22.4 


$15.5 


1.4 


BellSouth 

•  Estimated  capex:  $2.5  billion  to  $3.2  billion. 

•  New  gear:  edge  and  core  IP  routers,  SONET 
multiservice  provisioning  platforms. 

•  Service  sampler  network-based  VPNs,  managed 
wavelengths,  upgraded  metro  Ethernet. 


*  Includes 
more  than 
$40  billion  in 
-$35.9'  writedowns. 


Watching  pennies 

The  Bells’  estimated  2003 
capex  numbers  are  off 
25%  (Verizon)  to  as 
much  as  75% 
(Qwest)  from  2001. 


tance  service  under  Section  271  of  the  Telecommunica¬ 
tions  Act  of  1996.  That  proviso  states  that  the  local  ex¬ 
change  carriers  can  enter  the  long-distance  market  pro¬ 
vided  they  open  their  local  loops  to  competitors. 

And  a  key  motivation  for  RBOCs  to  offer  long-distance  is 
the  requirement  that  Hogue  described:  the  need  for  frame 
relay  service  nationwide.  Currently,  interexchange  carriers 
AT&T, Sprint  and  WorldCom  dominate  that  multibillion-dol- 
lar  market. 

“  [The  RBOCs  have]  really  been  shut  out  of  the  most  lucra¬ 
tive  part  of  the  frame  relay  business,  and  that’s  the  long-haul 
portion,”  says  Curtis  Price,  an  analyst  at  Stratecast  Partners. 
“Section  271  gives  them  the  opportunity  to  go  head  to  head 
with  those  companies  on  the  long-haul  portion.  When  you 
think  about  how  large  that  frame  relay  market  is,  stealing 
market  share  from  the  three  [interexchange  carriers]  is 
going  to  be  the  low-hanging  fruit  that  they  go  after." 

SBC’s  data  plan 

SBC  offers  frame  relay  and  ATM  services  in  Texas, 
Missouri,  Oklahoma,  Kansas  and  Arkansas.  But  in  anticipa- 


BellSouth  bullish  on  MPLS 

BellSouth  is  another  MPLS  propo¬ 
nent. The  carrier  announced  plans  to 
deploy  terabit-capable  core  IP 
routers  with  MPLS 
to  converge  all 
its  network  traf¬ 
fic  —  including 
frame  and  ATM 
—  onto  one 
backbone. 

MPLS  will  let 
BellSouth 
launch  a  new 
network-based 
VPN  offering  by 
the  end  this 

month.  BellSouth  is  finalizing  a  deal  on  an  edge  MPLS 
router  buildout  for  this  service. 

“The  great  part  is  that  MPLS  allows  you  to  mix  and 
match,”  says  Mark  Kaish,  vice  president  of  data  product 
management  for  BellSouth. “A  small  location  could  come 
in  on  DSL  and  that’s  DSL  at  Layer  2,  not  Layer  3,  so  that 
removes  the  security  concerns.” 

Larger  locations  could  use  frame,  ATM  or  even  Ethernet, 
Kaish  says.  With  MPLS  at  the  core,  the  access  technology 
wouldn’t  matter. 

BellSouth  is  devoting  12%  to  15%  of  its  revenue  —  or 
roughly  $2.5  billion  to  $3.2  billion  —  to  capital  expendi¬ 
tures  this  year.  That’s  down  from  $3.8  billion  last  year  and 
about  half  of  the  $6  billion  spent  in  2001. 

In  addition  to  MPLS-enabled  edge  and  core  routers,  Bell¬ 
South  is  purchasing  SONET  multiservice  provisioning  plat¬ 
forms  for  edge  and  core  applications,  and  upgrading  its 
metropolitan  Ethernet  switches. 

Multiservice  gear  will  be  deployed  for  customers 

See  Bells,  page  15 
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subscribing  to  managed  wavelength  ser¬ 
vices  that  support  IR  SONET,  ATM  or 
Ethernet  for  connecting  storage  networks, 
data  centers,  mainframes  and  high-band¬ 
width-demand  locations. 

BellSouth  offers  metropolitan  Ethernet 
services  in  its  region,  at  speeds  of  10M, 
100M  and  1G  bit/sec.  But  the  carrier  is 
upgrading  its  metropolitan  Ethernet 
switches  to  offer  better  QoS  and  virtual 
LAN  (VLAN)  stacking,  Kaish  says.  VLAN 
stacking  would  let  a  customer  have  multi¬ 
ple  VLANs  coming  out  of  one  port,  which 
isn’t  possible  with  the  older  metropolitan 
Ethernet  equipment. 

Qwest's  game  plan 

Like  other  RBOCs,  Qwest  is  focused  on 
bringing  multiple  services  onto  a  unified 
network  backbone.  Unlike  the  others,  the 
carrier  isn’t  entirely  sold  on  MPLS. 
“At  this  point  I  can’t  say  MPLS  would  be  the 
grand  strategy  says  Augie  Cruciotti,  execu¬ 
tive  vice  president  at  Qwest. 

Qwest  has  turned  up  MPLS  Fast  Reroute 
for  network  recovery  and  is  working  on 


some  MPLS-based  services.  But  the  carrier 
doesn’t  see  an  immediate  need  to  imple¬ 
ment  traffic  engineering,  a  key  application 
for  steering  traffic  onto  distinct  routes  for 
QoS  and  other  deterministic  capabilities. 

Qwest  says  it  will  consider  traffic  engi¬ 
neering  as  traffic  patterns  change  to  ensure 
it’s  a  good  business  decision. 

But  Qwest  needs  a  way  to  bridge  its  sepa¬ 
rate  IR  ATM  and  frame  relay  networks. 
Customers  currently  cannot  mix  and 
match  these  technologies  across  different 
sites  if  they  want  the  sites  to  be  able  to 
communicate. 

“Once  you  leave  the  customer  premises, 
we’d  be  going  to  a  single  backbone,” 
Cruciotti  says.“We’d  take  the  frame,  ATM,  IR 
and  map  it  all  together” 

Qwest  is  attempting  to  get  its  frame  and 
ATM  services  to  work  together.  Cruciotti  ex¬ 
pects  the  project  to  run  into  next  year. 

Qwest  is  the  least-aggressive  RBOC  when 
it  comes  to  spending  this  year  because  the 
carrier  finished  its  local  and  long-haul  net¬ 
work  buildouts  last  year.  It  also  is  distracted 
by  investigations  into  its  accounting  prac¬ 
tices  by  the  Securities  and  Exchange  Com¬ 
mission  and  U.S. Congress,  and  by  its  red  ink 
—  Qwest  recorded  a  net  loss  of  $35.9  bil¬ 


lion  in  2002,  and  a  $4.8  billion  loss  in  2001. 

So  the  company  doesn’t  plan  on  making 
large  network  capital  expenditures  this 
year, Cruciotti  says.  It  will  spend  between  $2 
billion  and  $2.8  billion  this  year  vs.  $3  bil¬ 
lion  last  year,  and  $8.5  billion  in  2001. 

“There’s  no  new  grand  technology  he 
says.  “We’re  basically  going  with  what  we 
have  in  place  now!’ 

For  optical  services,  the  carrier  will  incre¬ 
mentally  deploy  optical  add/drop  multi¬ 
plexers,  multiservice  provisioning  plat¬ 
forms  and  point-to-point  dense  wavelength 
division  multiplexing.  In  Ethernet,  Qwest  is 
tracking  the  progress  of  the  IEEE  802.3ah 
standard  that  will  enable  transport  over 
copper.  Qwest  says  this  standard  could 
drive  demand  for  metropolitan  Ethernet 
among  its  customers. 

We  can't  hear  you  now 

The  RBOCs  are  much  less  aggressive  on 
next-generation  voice.Though  all  are  inter¬ 
ested  in  offering  end-to-end  VoIR  they  are 
still  mainly  kicking  the  tires  of  softswitches 
and  media  gateways  in  lab  trials. 

Momentum  seems  to  be 
building  gradually  in  IP 
Centrex.  SBC  rolled  out  IP 


and  DSL  Centrex  services  last  year.  Verizon 
is  evaluating  gateway  and  softswitch  equip¬ 
ment  in  an  IP  Centrex  trial  in  Chicago.  Bell¬ 
South  is  working  on  IP-enabling  its  Centrex 
services  for  smaller  businesses,  and  Qwest 
is  looking  to  set  up  an  IP  Centrex  hosting 
environment  that  would  run  an  applica¬ 
tion  emulating  call  control  and  call  setup. 

Qwest  and  BellSouth  run  private  VoIP  net¬ 
works  for  some  enterprise  clients  in  which 
the  carriers  resell  VoIP  customer  premises 
equipment  and  then  provide  WAN  trans¬ 
port  for  that  traffic.  But  quality  is,  has  been 
and  probably  will  continue  to  be  an  issue 
for  VoIR  these  service  providers  say. 

“The  quality  we  need  isn’t  there  yet,” 
BellSouth’s  Kaish  says.“So  we’re  working 
directly  with  the  vendors  to  come  up 
with  something  that  will  deliver  ‘five 
nines’  reliability” 

“QoS  is  still  an  issue,”  says  Teresa  Taylor, 
executive  vice  president  of  Qwest  product 
management  and  pricing. 

Despite  the  challenges,  RBOCs  contin¬ 
ue  to  spend  billions  of  dollars.  And  as 
certain  restrictions  are  lifted,  the  purse 
strings  should  loosen  up  a  bit 
more,  carriers  and  observers 
say.  ■ 
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Network  Associates  tossing  wider  net 

Company  plans  busy  year  of  new  product  releases,  including  antispam  and  intrusion  detection. 


■  BY  ELLEN  MESSMER 

NEW  YORK  —  Network  As¬ 
sociates  last  week  laid  out  plans 
to  move  into  new  areas,  from 
spam  control  to  intrusion  pre¬ 
vention^  well  as  to  augment  its 
antivirus,  help  desk  and  protocol 
analysis  products. 

CEO  George  Samenuk,  speak¬ 
ing  at  the  company’s  annual  Wall 


Street  analysts  briefing,  wasn’t 
forced  to  spend  much  time  con¬ 
vincing  anyone  that  the  company 
has  cleaned  up  its  act  since  he 
came  onboard  two  years  ago 
amid  mounting  financial  losses. 
But  the  big  question  was  whether 
the  company,  which  turned  a 
healthy  profit  last  year  and  is  aim¬ 
ing  for  $1  billion-plus  in  revenue 
this  year,  can  succeed  in  expand¬ 


Redline  seeks  to 
boost  intranets 


■  BY  TIM  GREENE 

CAMPBELL,  CALIF  —  Redline 
Networks  this  week  will  look  to 
extend  beyond  its  acceleration 
products  for  publicly  accessible 
Web  servers,  with  an  offering  for 
speeding  up  and  securing 
intranets. 

The  company’s  new  E/X  3250 
Enterprise  Web  I/O  Accelerator 
sits  on  a  corporate  LAN  in  front  of 
Web  servers,  coordinating  Web 
sessions  between  end  users  and 
the  servers.  By  customizing  traffic 
for  the  type  of  Web  browser  being 
used  and  multiplexing  sessions 
to  the  Web  servers,  Redline  says 
the  product  can  reduce  response 
times  by  as  much  as  90%  and 
enable  servers  to  handle  up  to 
five  times  as  much  traffic. 

E/X  3250  is  designed  to  convert 
HTTP  traffic  into  secure  HTTP 
making  it  possible  to  secure  a 
site  via  encryption  without  hav¬ 
ing  to  recode  server  content. 

One  customer,  a  major  New 
York  financial  firm  that  asked  not 
to  be  named,  is  using  two  layers 
of  Redline  gear  to  buffer  servers 
running  Lotus’  Web  version  of 
Notes.The  Redline  devices  main¬ 
tain  Secure  Sockets  Layer  en¬ 
crypted  sessions  all  the  way  from 
remote  users  to  the  servers,  the 
user  says. 

Another  customer,  the  state  of 
New  Mexico, uses  Redline  gear  to 
speed  up  transactions  between 
its  motor  vehicle  department 
headquarters  and  about  75 
branch  offices. 

The  state  turned  to  Redline 
after  adding  a  Web  application 
for  handling  automobile  title 
transfers,  which  added  traffic  to 
the  department’s  frame  relay 


Redline's  new  E/X  3250  Web  I/O 
Accelerator  is  designed  to  speed 
up  internal  company  Web  pages. 


WAN.  Performance  of  the  applica¬ 
tion  was  so  poor  that  the  depart¬ 
ment  checked  the  bandwidth  on 
its  56K  bit/sec  links  to  the  branch 
offices  and  found  that  many  were 
getting  just  28K  bit/sec,  says  Ed 
Ramos,  CIO  of  the  state’s  taxation 
and  revenue  administration, 
which  oversees  the  motor  vehicle 
department. 

He  installed  a  Redline  box  in 
front  of  the  Web  server  for  the 
application  and  response  time 
was  cut  by  70%,  he  says.  “We  got 
T-l  performance  out  of  a  56K 
line,”  he  says. 

Redline,  which  competes  with 
vendors  such  as  NetScaler,  Pac- 
keteer  and  PicturelQ,  makes 
another  line  of  gear  called  the 
T/X  designed  for  speeding  access 
to  public  Web  servers. 

The  E/X  3250  includes  features 
the  TX  models  lack.  One  is  sup¬ 
port  for  authenticating  users 
through  Windows  NT  LAN  Man¬ 
ager,  and  denying  machines  that 
lack  certificates  from  trusted  cer¬ 
tificate  authorities.  Another  is 
called  protocol  scrubbing,  which 
detects  and  corrects  HTTP  pack¬ 
et  abnormalities,  shielding  Web 
servers  from  potential  attacks 
that  the  abnormal  packets  might 
contain. 

The  E/X  3250  costs  $30,000  and 
is  available  this  week. 

Redline:  www.redlinenetworks. 
com 


ing  beyond  its  core  markets  with 
offerings  that  address  an  ever- 
more-complex  network  security 
environment. 

“A  year  ago  we  didn’t  have  a  lot 
of  new  product  announcements, 
but  this  year  you  will  see  a  blitz 
from  us,”  Samenuk  said. 

Network  Associates  officials 
said  customers  are  demanding 
faster  response  times  to  threats, 
pointing  out  that  intrusion-pre¬ 
vention  equipment  will  play  a  key 
role.  Such  products  are  designed 
to  block  attacks,  not  just  detect 
them  as  do  intrusion-detection 
systems  (IDS).  Network  Associ¬ 
ates  plans  to  get  into  that  market 
next  year,  although  the  announce¬ 
ment  was  short  on  details. 

“As  an  industry  we  aren’t  stop¬ 
ping  these  attacks  well,”  Presi¬ 
dent  Gene  Hodges  said.  “You 
have  to  be  able  to  make  a  deci¬ 
sion  in  the  network  in  startlingly 
short  time  spans,  moving  from 
what  was  once  hours  to  a  frac¬ 
tion  of  a  second.” 

Network  Associates’  new  inter¬ 
est  in  intrusion  prevention  is  com¬ 
plicated  by  the  company’s  in¬ 
volvement  with  Internet  Security 
Systems  (ISS),  which  specializes 
in  intrusion  detection.  Because 
Network  Associates  lacked  its 
own  intrusion-detection  offering, 
the  company  last  year  licensed 
IDS  technology  from  ISS  to  incor¬ 
porate  into  a  gigabit-speed  edi¬ 
tion  of  the  Sniffer  protocol  ana¬ 
lyzer  —  dubbed  Impermia  — 
scheduled  to  be  available  by 
midyear. 

But  last  week,  Network  Associ¬ 
ates  executives  left  room  for  a  lot 
of  doubt  about  the  future  of  the 
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What  does  Sun  call  its 
peer-to-peer  network 
technology? 
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Network  Associates  has  a  slew  of  products  coming  up. 

Q2:  SpamKiller  Enterprise;  High-Speed  Sniffer  analyzer;  Impermia 
(Sniffer  with  intrusion-detection). 

Q3:  ePolicy  Orchestrator3.0  management  console;  Magic  7.7  help 
desk  application;  Desktop  Firewall  8.0. 

04:  ThreatScan  3.0,  content  management  technology. 

2004;  Focus  on  intrusion  prevention  and  security  information 
management. 

A  year  ago  we  didn't  have 
a  lot  of  new  product  announce¬ 
ments,  but  this  year  you  will 
see  a  blitz  from  us. 

George  Samenuk 

CEO.  Network  Associates 


relationship  with  ISS  in  terms  of 
evolving  Impermia  into  a  prod¬ 
uct  for  intrusion  prevention. 

“ISS  is  the  dominant  leader  in 
intrusion  detection,  and  we  are 
feverishly  working  to  get  the 
new  product  out  in  the  second 
quarter,”  Samenuk  said. “It  does¬ 
n’t  mean  we  won’t  look  at  other 
partners  or  products.  It’s  an 
experiment.” 

Network  Associates,  like  rival 
Symantec,  is  looking  to  make  a 
stronger  play  in  intrusion  protec¬ 
tion  than  either  of  them  did  in 
IDS.  Neither  was  very  successful 
with  internal  development,  and 
Symantec  even  bought  IDS  com¬ 
pany  Recourse  Technologies  last 
August. 

Network  Associates  also  is  keen 
on  being  able  to  offer  a  security 
information  management  prod¬ 
uct,  which  would  combine  alert 
and  event  data  from  multiple  ven¬ 
dors’ security  systems, such  as  fire¬ 
walls  or  IDS,  to  deliver  a  more 
complete  view  of  a  security  situa¬ 
tion.  The  company  intends  to 
publish  an  open  API  for  its 
ePolicy  Orchestrator  and  invite 
vendors  to  use  it  to  share  data 
with  the  Network  Associates  man¬ 
agement  system,  Hodges  said. 

Few  security  information  man¬ 
agement  products  are  on  the 
market,  mainly  from  start-ups 
such  as  ArcSight  and  NetForen- 
sics.  But  established  players, 
such  as  Check  Fbint,  Computer 
Associates  and  Symantec,  have 
begun  plotting  a  road  map  for 


their  offerings. 

Network  Associates  customers 
are  supportive  of  the  company’s 
product  direction. 

“It  would  be  leveraging  the 
Sniffer  product  to  respond  to  any 
intrusion  issues,”  said  Tony  Cel- 
lante,  managing  director  of  the  IT 
group  at  Bear  Stearns,  which  uses 
Sniffer  for  network  analysis. 

Even  as  it  sorts  out  its  plans  for 
security  information  manage¬ 
ment  and  intrusion  prevention, 
Network  Associates  is  enhanc¬ 
ing  existing  products.  Highlights 
include: 

•  Desktop  Firewall  8.0,  which 
will  let  administrators  better  en¬ 
force  policies,  such  as  requiring 
individuals  to  update  their  anti¬ 
virus  software  every  day  or  have 
their  access  to  certain  applica¬ 
tions  blocked. 

•  EPblicy  Orchestrator  3.0,  up¬ 
graded  management  software 
that  will  have  a  custom  wizard 
for  use  by  small  businesses. 

•  Magic  7.7  help  desk  software, 
which  will  include  asset  discov¬ 
ery  to  gauge  the  network  user’s 
IP  address  and  applications. 

Network  Associates  also  is  seek¬ 
ing  to  fight  off  Symantec’s  success 
in  the  consumer  market  through 
a  number  of  reseller  deals  with 
service  providers  AOL,  MSN  and 
Sprint  and  equipment  manufac¬ 
turers  Apple,  Dell  and  Sony. 
Network  Associates  officials  said 
they  anticipate  making  more  for¬ 
mal  announcements  in  coming 
months.  ■ 
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you  really  as 
we  think  you 


As  racks  become  increasingly  popu¬ 
lated  with  thinner,  deeper  servers, 
high  power  densities  in  your  server 
room  or  data  center  can  create 
havoc,  from  early  equipment  failures 
to  expensive,  forget-about-your-job- 
security  downtime. 

Introducing  InfraStruXure™  architec¬ 
ture,  the  industry's  only  patent-pend¬ 
ing,  network-critical  physical  infra¬ 
structure.  InfraStruXure™  lets  you 
target  power  and  cooling  precisely 
where  your  mission-critical  applica¬ 
tions  live — the  rack  enclosure. 

And  because  InfraStruXure  architec¬ 
ture  uses  a  modular,  manageable,  pre¬ 
engineered  approach,  you  can  select 
standardized  components  to  create 
your  own  customized  solutions. 

Which  means  you  can  target  avail¬ 
ability,  pay  as  you  grow,  adapt  to 
change,  and  maximize  efficiency 
while  minimizing  installation,  operat¬ 
ing,  service,  and  maintenance  costs. 


On-demand  scalable,  manageable, 
pre-engineered  solutions 


[hot  air]-^— 


lnfraStru>\ure 
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[cold  air] 


InfraStruXure's  advanced  cooling 
components  help  remove  heat  from 
your  servers  and  target  air  circulation 
where  it  is  most  needed. 


High  power  densities  can  create  hot 
spots,  which  cause  equipment  failures 
and  expensive  downtime. 


Air  components  designed  for 
InfraStruXure ™  are  manageable  via 
network  technology,  and  feature  a 
modern,  reliable  design  with  fewer 
moving  parts. 


"Our  Video  on  Demand  (VOD) 
servers  are  air  cooled  from  front 
to  back.  The  APC  racks  that 
house  the  InfraStruXure  are  also 
designed  to  cool  from  front  to 
back.  So  the  same  racks  can 
effectively  house  our  power  sys¬ 
tem  and  our  servers.  " 

Vince  Pombo 

Vice  President  of  Engineering 

Rich  Flanders 

Director  of  Engineering 

Time  Warner  Cable 

"If  I  had  purchased  the  incum¬ 
bent  vendor's  3-phase  upgrade 
model,  I  would  have  paid  75% 
more  in  service  costs  over  the 
next  four  years  and  I  would 
have  had  to  utilize  50%  more  of 
my  precious  floor  space." 

Captain  Timothy  Riley 

Support  Services  Division 

City  of  Newport  Beach  Police  Department 

V _ _ _ . _ / 


POWER  RACK  AIR 


In  times  like  these,  it  pays  to  think 
smart.  For  more  information  on 
InfraStruXure's  open,  adaptable, 
integrated  approach  to  network- 
critical  physical  infrastructure,  visit 
us  online  today  at  www.apc.com. 
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New  Technology 

Awards,,  rose 


Winner  of  the  Windows  and  .Net  Magazine  "2002 
Reader's  Choice  Award  for  Best  High  Availability 
Solution"  and  the  GCN  “Best  New  Technology 
Award"  at  FOSE,  March  2002.  (Awarded  to 
PowerStruXure",  which  is  now  included  under  the 
InfraStruXure"  brand.) 


BEFORE 


Equipment  Racks 


Batteries 


UPSs 


Traditional  data  centers  are  built  out 
for  future  capacity  and  require  a 
large  amount  of  floor  space  that 
could  be  otherwise  utilized.  High 
power  density  racks  create  danger¬ 
ous  hot  spots. 


AFTER 


InfraStruXure™  lets  you  build  out  capacity 
only  as  it's  required.  Save  up  to  50% 
CapEx  and  20%  OpEx*,  and  reclaim  an 
average  of  20%  usable  space. 
InfraStruXure  AIR  delivers  cooling 
directly  where  it  is  needed,  eliminating 
dangerous  hot  spots. 


For  a  closer  look  at  InfraStruXure m,  attend  a  FREE  APC  Executive  Breakfast 
Seminar  in  your  area.  For  more  information  visit  http//pmmo.apc.com 
and  enter  key  code  below. 


M 

C  E  S  T  I  F  I  E  D 

InfraStruXure 

"APC 

Every  product  carrying  this  mark  has 
been  tested  and  certified  for  use  with 
InfraStruXure  ”  architecture.  Before 
you  buy,  check  for  the  X  to  guarantee 
product  compatibility. 


Legendary  Reliability 


*  Representative  savings  based  on  projected  power  infrastructure  build-out  costs  and  estimated  service  cost  per  unit  Actual  savings  may  vary. 


White  Paper:  "Avoiding  Costs  from  Oversizing  Data  Center  Infrastructure" 
Visit  httpy/promo.apcj:om  Key  Code  j390y  •  Call  888-289-APCC  x2703  •  Fax  401-788-2797 
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Speed  and  Security — On  the  Go! 


“We  have  been  able  to  reduce  our  credit  card  authorizations  to  an 


average  of  five  second  or  less,”  says  Marty  Maglio,  director  of  IT 
Architecture  for  Wawa  Food  Markets — a  convenience  store 
chain  with  more  than  550  locations  throughout  the  mid-Atlantic 
region  “This  has  improved  our  customer  service  while  cutting  our 
communication  costs  in  half!” 

The  Bottom  Line:  New  WAN  solution 
improves  customer  service,  saves  money 


Find  out  more  at  enterasys.com/nw/wawa3 


More 

Online 


High-Performance,  "Security  Tough"  Branch  Routers 


f'/fiSM  If  you've  been  fortunate  enough  to  vacation  on  a  tropical  island,  you  know  the  pleasure  of  getting  away  from  it  all. 
kJIm  Unfortunately,  if  you  own  an  island  home,  you  also  know  the  stress  of  maintaining  this  corner  of  paradise.  It's 
impractical  to  fly  back  and  forth  every  weekend  to  check  on  your  property,  so  you're  consumed  by  thoughts  of  burglary, 
fire,  flood.  Interestingly,  these  problems  are  similar  to  those  faced  by  a  CIO  struggling  to  manage  remote  office  networks. 


Central  Site 


New  security  routers  offer  several  options  for  WAN 
connectivity,  while  keeping  costs  in  check  and 
maintaining  the  highest  level  of  security. 


Security 

Router 


Branch  Office 


Like  a  beach-front  cottage,  your  branch 
offices  may  become  inaccessible  due 
to  natural  or  man-made  disasters.  IT 
systems  may  become  compromised  by 
malicious  hacker  attacks,  disgruntled 
employees  or  Internet-born  viruses. 
WAN  links  may  fail,  or  a  local  utility 
may  dig  up  their  lines  and  inadvertent¬ 
ly  cut  through  yourT-1  cable. 

To  compound  the  problem,  nobody  at 
the  branch  office  can  tell  the  difference 
between  Ethernet  and  Inkjet — so  if 
something  does  go  wrong  they  are  not 
likely  to  diagnose  a  Denial  of  Service 
attack  or  router  configuration  error. 

There  are  steps  you  can  take  to  protect  the 
remote  office  network.  The  most  obvious 
and  the  most  often  overlooked  is  disaster 


assessment.  Determine  the  nature  and 
extent  of  risks,  and  develop  contingencies 
to  address  these  risks.  Other  good  house¬ 
keeping  tasks  include  always  having 
Service  Level  Agreements  for  your  WAN 
connections,  using  distributed  firewalling, 
deploying  VPN  backup  services  and 
setting  up  automated  offsite  data  backup. 


Security  Routers  to  the  Rescue 

To  help  you  meet  the  challenge,  there  are 
new  security  routers.These  devices  provide 
connectivity  over  a  wide  range  of  WAN 
circuits — including  Frame  Relay,  T-l  and 
xDSL — as  well  as  cost-effective  and  rapidly 
deployed  VPN  tunnels.  A  security  router  also 
includes  firewalling  to  protect  remote  office 


networks  from  attack,  and  Intrusion 
Detection  capabilities  so  you  know  when  an 
attack  has  taken  place.  And  unlike  the  prior 
generation  of  routers  that  simply  added 
security  features  on  top  of  an  enormous 
router  code  base,  today’s  security  routers  are 
built  “security  tough”  from  the  ground  up. 

Start  with  a  Plan 

Of  course  the  convergence  of  security  and 
networking  at  branch  offices  requires  more 
than  just  plugging  in  a  new  device.You  must 
have  a  defined  network  security  policy 


Security  systems,  applications  and  services 
are  the  common  constituents  of  just 
about  every  security  strategy  But  how  does  it 
all  come  together?  For  more  information,,,^ 

go  to  enterasys.com/nw/branch3 


More 

Online 


Enterasys  Branch  Router:  7  Times  the  Throughput  of  Cisco 


The  Tolly  Group  recently  measured  the  per¬ 
formance  of  the  Enterasys  XSR-1805  and  XSR- 
1850  security  routers, and  compared  the  results 
to  the  performance  of  Cisco  Systems  1700 
series  and  2600  series  branch  office  routers 
in  identical  configurations.  Measuring  routing, 
VPN  throughput.  Access  Control  List  (ACL) 
capabilities  and  Quality  of  Service(QoS),  the 
XSR  routers  outperformed  their  Cisco 
equivalents  in  every  category. 

Important  highlights  included: 

•  VPN  Throughput — XSR-1805  forwards 
seven  times  more  zero-loss  throughput 

than  the  Cisco  265 1XM  in  an  IPSec  tun¬ 
nel  configuration  at  100  Mbps  with  1,420- 
byte  packets 


•  Layer  3  Throughput — XSR-1850 
processes  three  times  the  zero-loss  Layer 
3  throughput  of  the  Cisco  265 1XM  at  100 
Mbps  for  512-byte  packets  and  larger 

•  100  Mbps  with  QoS— XSR-1850 
provides  more  than  triple  the  throughput 
of  the  Cisco  2651XM  when  forwarding 
1,518-byte  packets  at  100  Mbps  with  QoS 
enabled 

The  results  of  the  study  led  Kevin  Tolly, 
president  of  The  Tolly  Group  to  conclude, 
"Typically,  we  see  vendors  test  performance 
with  ancillary  functions  like  ACL  and  QoS 
processing  turned  off,  but  Enterasys  tested 
its  routers  with  full-device  functionality 
enabled,  meaning  users  get  a  truer  picture 
of  overall  device  performance." 

Full  details  and  test  results  are  available  at 

http://www.enterasys.com/performance 
or  http://www.tolly.com 


Why  high  throughput  when  connecting 
across  WAN  links  at  speeds  of  only  a  few 
megabits?  This  is  analogous  to  why  we  buy 
cars  with  top-rated  speeds  of  160  MPH, 
when  the  speed  limit  in  most  places  is  65 
MPH.  A  high-performance  security  router 
needs  the  horsepower  to  easily  handle  the 
demands  of  real-world  network  configura¬ 
tions — configurations  with  VPN,  ACLs  and 
QoS  enabled — to  protect  your  corporate 
intelligence  and  optimize  your  resources. 

For  example,  when  every  remote  employee 
decides  to  live  stream  the  CEO’s  quarter-end 
earnings  broadcast,  you  know  that  the  XSR 
router  is  up  to  the  task.  Without  a  high- 
performance  security  router,  all  bets  are  off. 

Enterasys’ XSR  security  routers  were  explic¬ 
itly  designed  to  deliver  best-in-class  price 
performance.  For  more  information  go  to 

enterasys.com/nw/tolly3 


The  Webcast  Your 
Competition  Doesn't  Want 
You  to  Watch! 


Business-Driven 

Networks: 

Bringing  Business  Intelligence 
into  the  IT  Infrastructure 

A  FREE  Webcast 

presented  by 

ENTERASYS 

NETWORKS.. 
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See  it  now  at 

enterasys.com/nw/webcast3 
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Site: 


Lessons  from  Leading  Users 


Optical  gear  finds  home  in  courts 


■  BY  TIM  GREENE 

Use  of  free-space  optics  in  the 
New  York  court  system  started 
as  a  response  to  an  emergency 
need,  but  now  the  technology  has 
proven  to  be  reliable  enough  to  be  a 
trusted  secondary  connection  for 
many  court  facilities. 

The  laser  transmission  technology 
was  pressed  into  duty  on  Sept.  17, 
2001,  to  restore  WAN  connections  to 
three  Manhattan  courthouses  left  iso¬ 
lated  by  the  Sept.  11  World  Trade 
Center  attacks. 

The  free-space  optical  gear  beams 

data  through  the  ^ _ 

open  air  on  a  laser, 
eliminating  the  need 
for  optical  cabling  to 
carry  the  signal.  The 
technology  requires  a 
clear  line  of  sight  be¬ 
tween  the  sending  and  receiving 
devices,  and  fog  and  heavy  snow  can 
shorten  the  maximum  transmission 
distance  of  6,562  feet. 

After  the  attacks,  two  of  the  isolated 
courthouses  in  downtown  Manhattan 
See  New  York,  page  22 


Laser  justice 


The  New  York  court  system  used  free-space  optical  gear  from  Cano- 
beam  to  restore  data  and  voice  connections  to  three  courthouses 
where  links  were  destroyed  by  the  Sept.  11  terrorist  attacks. 

© 


Lower  Manhattan 


Canobeam  gear  connects  71  Ttiomas  SL  court  to  a  carrier 
hotel,  which  links  data  and  IP  voice  traffic  into  25  Beaver 
St.  court  that  was  connected  to  the  state  network. 


The  attacks  wiped  out  Verizon 
switching  office  serving  courthouses 
at  71  Thomas  St.,  60  Centre  St.  and 
123  Williams  St.,  cutting  them  off 
from  the  state  court  network. 


Sockeye  tunes  up  route-control  gear 


■  InfiniBand  start-up  Voltaire  last 
week  launched  two  products  that 
use  the  next-generation  InfiniBand 
bus.  The  company  announced  the 
ISR  6000  Switch  Router  and  the 
ISR  9600  InfiniBand  Switch 
Router.  The  ISR  6000  is  a  six-port 
4x  InfiniBand  switch  with  two 
Gigabit  Ethernet  router  ports  and 
Layer  4  to  Layer  7  features.  It  is 
enclosed  in  a  lU-high  chassis. The 
ISR  9600  has  as  many  as  96  4x 
InfiniBand  ports.  It  also  has  inte¬ 
grated  InfiniBand  to  IP  router  mod¬ 
ules  and  redundant  power  supplies, 
management  modules  and  fans  for 
fault-tolerant  operation.  The  ISR 
6000  starts  at  $7,000.  Pricing  for  the 
ISR  9600  has  not  been  set;  it  is 
expected  to  be  available  in  April. 
www.voltaire.com 

■  NEC  and  Stratus  Technologies 

this  week  will  announce  an  entry- 
level  server,  the  Express  5800/ 
3201b  and  ftServer  3300  system, 

for  fault-tolerant,  business-critical 
applications.  The  41),  rack-mounted 
server  or  pedestal  version  is 
designed  to  run  Windows  2000  and 
Windows  Server  2003  operating 
environments.  It  has  dual  Intel  Xeon 
processors  running  at  2.4  GHz  and 
supports  as  much  as  6G  bytes  of 
memory.  The  server  contains  as 
many  as  six  PCI  slots,  embedded 
10/100/1000M  bit/sec  Ethernet  and  a 
single  Ultra160  SCSI  ports.  NEC's 
3201b  and  3300  replaces  NEC's  3201a 
and  Stratus'  ftServer  3200,  which 
was  twice  the  size  and  performs 
two  to  three  times  slower  than  the 
3201b  or  the  3300.  It  consists  of  four 
1U  modules  that  fit  in  a  common 
backplane.  Two  of  the  modules  func¬ 
tion  as  CPUs,  which  can  be  config¬ 
ured  either  as  one-  or  two-proces¬ 
sor  servers.  The  other  two  compo¬ 
nents  are  I/O  modules.  The  CPU 
modules  operate  in  lockstep,  allow¬ 
ing  fault-tolerant  operations. 

The  Express  5800/320lb  and 
ftServer  3300  start  at  $25,000  and 
$20,000,  respectively,  www.nec.com; 
www.stratus.com 


■  BY  TIM  GREENE 

WALTHAM,  MASS.  —  Upgraded  equij> 
ment  from  Sockeye  Networks  gives  cus¬ 
tomers  employing  lines  from  more  than 
one  service  provider  the  potential  to  save 
more  money  on  Internet  access  bills. 

The  company  last  week  rolled  out 
Version  3.0  of  GlobalRoute,  the  upgraded 
route-control  software  that  runs  Sockeye’s 
route-control  appliances.Version  3.0  takes 
into  account  the  multitiered  billing 
schemes  ISPs  use  in  determining  how 
much  to  charge  customers.  Route-control 
technology  uses  information  about  con¬ 
gestion,  network  failures,  quality  require¬ 
ments,  cost  and  other  factors  to  divide 
WAN  traffic  among  two  or  more  carriers. 
Usually  residing  on  a  specialized  appli¬ 
ance  and  sometimes  enhanced  with 


monitoring  services,  it  can  help  compa¬ 
nies,  hosting  providers  and  other  users 
save  money  and  get  the  network  perfor¬ 
mance  they  want.  In  this  case,  by  using 
actual  billing  criteria  in  setting 
GlobalRoute  policy  means  the  device  can 
make  better  pricing  decisions.  Previously, 
GlobalRoute  would  accept  only  a  single 
price  per  link  regardless  of  how  many 
tiers  made  up  the  price  structure. 

No  fudge 

“Before,  we  could  get  [GlobalRoute]  to 
do  what  we  wanted,  but  it  required  more 
effort  and  tweaking,”  says  Josh  Richards, 
CTO  of  Digital  West  Networks,  a  hosting 
provider  that  uses  four  ISPs  to  connect  its 
San  Louis  Obispo,  Calif.,  data  center  to  the 
Internet.  “You  kind  of  had  to  fudge  your 
numbers  a  little  bit.  Now  we  can  set  differ¬ 


ent  tiers  and  put  in  exactly  what  prices 
we’ve  contracted  fori’ 

Sockeye’s  gear  sits  on  Digital  West’s  net¬ 
work  as  a  peer  to  the  company’s  edge 
routers  and  Internet  routers  that  share 
Border  Gateway  Protocol  (BGP)  updates. 
These  BGP  updates  alter  route  tables  in 
these  routers  in  choosing  the  ISP  that  re¬ 
quires  the  fewest  router  hops  to  reach  a 
given  destination  address. 

Sockeye  equipment  uses  this  BGP  data 
but  blends  in  the  cost  of  each  link  and 
chooses  the  one  that  costs  the  least  but 
still  meets  performance  standards  cus¬ 
tomers  set. 

Sockeye  and  its  competitors,  including 
netVmg  and  Proficient  Networks,  are 
working  toward  fine-tuning  their  software 
so  it  makes  these  decisions  more  intelli- 

See  Sockeye,  page  22 
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EXTRACT  IN  MY  SHELL  THAT  HAS  THE  POWER  TO  SLOW  CANCERS 
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XML  firewall  appliance  on  tap  from  Reactivity 


The  Reactivity  XML  Firewall  runs  on  a  modi¬ 
fied  version  of  Red  Hat  Linux  and  integrates 
with  applications  servers  from  Apache,  BEA, 
IBM,  Microsoft  and  Systinet. 


■  BY  JOHN  FONTANA 

BELMONT,  CALIF.  —  Once 
focused  solely  on  software, 
Reactivity  this  week  will  release 
an  XML  firewall  appliance 
designed  to  give  companies  a 
way  to  secure  their  Web  services 
traffic. 

The  Reactivity  XML  Firewall 
combines  the  company’s  securi¬ 
ty  software  with  a  1U,  rack- 
mountable  hardware  box  that 
features  two  10/100M-byte 
Ethernet  ports. 

The  firewall  is  an  XML  proxy 
that  intercepts  XML  traffic  and 
provides  authentication,  autho¬ 
rization  and  validation  ser¬ 
vices.  It  also  logs  incoming  and 
outgoing  messages  to  provide 
nonrepudiation. 

Unlike  conventional  firewalls 


that  examine  packets,  the 
XML  Firewall  looks  at  the 
contents  of  Web  services 
messages  based  on  the 
Simple  Object  Access 
Protocol  that  can  carry 
authentication  credentials 
and  requests  for  network  ser¬ 
vices  or  application  access. 

“Companies  need  to  have 
this  kind  of  security  for  busi- 
ness-to-business  Web  ser¬ 
vices,”  says  Jason  Bloomberg,  an 
analyst  with  ZapThink.  “But  it  is 
also  needed  for  inside  the  enter¬ 
prise  because  most  security 
issues  facing  companies  are 
internal.” 

Bloomberg  says  it  makes  sense 
for  Reactivity  to  offer  a  hard¬ 
ware/software  combination  of  its 
technology.  “Hardware  goes  in 
the  data  center  where  it  is  much 


easier  to  manage,  and  it  provides 
additional  speed  benefits.  These 
proxies  have  to  work  at  wire 
speed,”  he  says. 

Reactivity  will  compete  with 
hardware  vendors  such  as 
Forum  Systems,  Data  Power  and 
Sarvega,  and  XML  Firewall  will 
compete  with  software  products 
from  Westbridge,  Quadrysis  and 
Vordell.  All  will  face  challenges 


of  heavy  customer  scrutiny 
to  prove  their  worth  in  this 
emerging  class  of  products 
for  the  nascent  Web  services 
technology 

Reactivity’s  XML  Firewall 
supports  a  number  of  authen¬ 
tication  mechanisms  for 
identifying  senders  and  guar¬ 
anteeing  message  integrity 
including  digital  certificates, 
user  name  and  password, 
HTTP  Basic  Authentication  and 
limiting  access  to  specific  IP 
address  ranges.  The  latter  is 
important  because  many  Web 
services  are  machine-to-machine 
communications  that  don’t  rely 
on  any  human  interaction. 

The  firewall  integrates  with 
directories  that  support  the 
Lightweight  Directory  Access 
Protocol  and  also  supports 


Secure  Socket  Layer  and  XML 
Encryption  for  privacy. 

The  firewall  has  a  Web-based 
administrative  console  used  to 
define  policies,  monitor  live  traf¬ 
fic  and  add/delete  user  identi¬ 
ties.  It  includes  an  event  log  and 
supports  the  SNMP  to  integrate 
with  other  network  monitoring 
tools. 

The  firewall,  which  runs  on  a 
modified  version  of  Red  Hat 
Linux,  integrates  with  Web  appli¬ 
cation  servers  from  Apache,  BEA 
Systems,  IBM,  Microsoft  and 
Systinet. 

The  appliance  features  a  dual 
1.13-GHz  Intel  Pentium  III  proces¬ 
sor  and  2G  bytes  of  memory  and 
dual  36G-byte  SCSI  hard  drive 
with  RAID  1  support  for  storage. 

The  Reactivity  XML  Firewall 
costs  $50,000.  ■ 


Lfissons  from  Leading  Users 


New  York 

continued  from  page  19 

were  within  sight  of  a  third  that  was  still  con¬ 
nected  to  the  state  network,  so  Sheng  Guo, 
the  CTO  for  the  New  York  State  Unified 
Court  System,  installed  pairs  of  free-space 
optical  units  from  Canobeam  between 
them.  The  court’s  LAN  switches  plugged 
into  Ethernet  ports  on  the  Canobeam 
boxes,  which  converted  the  traffic  to  an 
optical  signal. 

The  third  cut-off  courthouse  was  located 
across  the  street  from  a  carrier  hotel  facil¬ 
ity  that  was  still  in  operation,  so  Guo 
installed  a  pair  of  the  Canobeam  devices 
to  give  the  courthouse  access  to  public 
networks.  Through  the  hotel,  the  court¬ 
house  was  plugged  into  the  state  court 
network  at  another  downtown  court¬ 
house. 

This  third  courthouse  also  had  640  IP 
phones  installed  as  part  of  a  trial  of  Nortel 
voice-over-lP  gear,  and  this  voice  traffic 
also  was  beamed  through  the  carrier  hotel 
to  the  court  network. To  handle  voice,  the 
Canobeam  units  require  that  the  traffic  be 
fed  to  it  via  an  Ethernet  interface.The  traf¬ 
fic  from  those  IP  phones  was  fed  into  data 
switches,  transported  over  the  Canobeam 
link,  split  out  from  the  data  stream  at  the 
other  end  and  dropped  onto  the  public 
phone  network  via  primary  rate  interface 
ISDN,  Guo  say's. 

Saved  again 

The  free-space  optical  gear  did  so  well 
that  Guo  called  on  Canobeam  again  when 
the  state  was  in  danger  of  losing  its  OC-3 


fiber  connections  to  four  upstate  court¬ 
houses  because  the  optical  service 
provider,  Telergy  had  filed  for  bankruptcy. 
While  Telergy  never  actually  shut  off  ser¬ 
vices,  Guo  had  to  assume  it  might  do  so  at 
any  time  and  had  to  devise  a  fallback  plan 
for  the  Buffalo,  Rochester,  Syracuse  and 
Binghamton  courthouses  it  served. 

So  he  bought  more  Canobeam  equip¬ 
ment  and  installed  it  on  the  buildings  in 
Buffalo,  Rochester  and  Syracuse  and 
pointed  them  at  other  government  build¬ 
ings  that  were  tied  into  the  New  York  State 
government  fiber  network.  There  was  no 
way  to  connect  the  Binghamton  court 
building  to  the  network,  and  so  it 
remained  in  danger  of  being  cut  off. 

As  it  turned  out,  bankruptcy  judges  pre¬ 
vented  Telergy  from  cutting  off  service 
until  a  new  OC-3  carrier, Time- Warner,  was 
chosen  and  connected  to  the  buildings. 
But  the  Canobeam  gear  was  there  just  in 
case.“When  you’re  in  a  bankruptcy  proce¬ 
dure,  you  never  know  what’s  going  to  hap¬ 
pen,”  Guo  says. 

The  laser  devices  cost  about  $36,000  per 
installed  pair,  and  that  relatively  low  price 
makes  them  a  candidate  for  an  ongoing 
project  to  link  three-site  court  campuses 
in  Queens  and  the  Bronx. 

In  each  case,  the  sites  are  connected  via 
two  fiber  lines:  from  Pbint  A  to  Point  B,  and 
from  Point  B  to  Point  C.  Guo  used 
Canobeam  gear  to  connect  Point  C  back 
to  Point  A  to  form  a  loop.  The  primary 
route  uses  only  the  fiber  connections,  with 
the  free-space  laser  link  a  backup  if  the 
fiber  fails,  he  says.  “Canobeam  is  not  the 
preferred  connection.  If  it  snows,  perfor¬ 
mance  is  degraded,  but  we’ve  had  no 
complaints,"  he  says. 

In  the  Queens  campus,  using  the 
Canobeam  gear  cost  about  $150,000  less 
than  it  would  have  cost  to  use  fiber,  Guo 


says,  and  was  much  faster  to  install. 
Getting  permits  to  run  fiber  under  city 
streets  would  have  taken  months. 

Even  so,  Guo  has  replaced  an  11M 
bit/sec  802.11b  wireless  connection 
between  courthouses  in  Riverhead,  N.Y, 
with  a  Gigabit  Canobeam  DT-55  link.  The 
backup  is  a  T-l  from  each  building  to  a 
hub  site  in  Manhattan  90  miles  away. 

Lasers  proliferate 

And  Guo  says  he  plans  to  install  anoth¬ 
er  pair  as  the  primary  connection 
between  a  new  judicial  research  insti¬ 
tute  being  built  in  White  Plains,  N.Y.,  to 
an  existing  courthouse  on  CourtNet.The 
gear  also  is  a  candidate  to  connect 


buildings  within  five  other  court  cam¬ 
puses  in  the  New  York  City  area. 

Guo  tried  installing  some  of  the  Cano¬ 
beam  devices  indoors  and  pointing  them 
through  the  window,  but  discovered  tinted 
glass  can  impede  performance.  He  also 
found  out  the  inside  devices  are  at  risk  of 
being  bumped  off  their  aim  by  careless 
humans.  “A  cleaning  lady  mopping  the 
floor  moved  the  Canobeam,  and  everyone 
was  screaming,”  because  the  laser  wasn't 
hitting  the  receiver,  Guo  says. 

Despite  these  shortcomings,  Guo  deems 
the  gear  suitable  as  the  primary  data  link  in 
some  cases  as  long  as  it  has  an  emergency 
backup.“We  are  moving  use  of  it  from  crisis 
mode  to  operational  mode,”  Guo  says.  ■ 


Sockeye 

continued  from  page  19 

gently  (see  www.nwfusion.com,  Doc- 
Finder:  4646). 

GlobalRoute  3.0  stores  data  about  each 
provider’s  billing  practices  and  uses  the 
information  to  pick  the  least-expensive  ISP 
that  meets  performance  requirements.  Cus¬ 
tomers  enter  four  factors:  the  number  of 
billing  tiers  carriers  have,  whether  each  tier 
is  billed  at  a  flat  rate  or  by  usage,  what  the 
billing  cycle  is  and  whether  charges  are 
determined  by  a  method  known  as  95th 
percentile  billing.  With  this  usage-based 
billing  technique,  providers  throw  out  the 
top  5%  of  peaks  in  demand  and  base  the 
bill  on  the  next  highest  peak. 

Until  GlobalRoute  3.0,  customers  could 
enter  only  one  flat  price  per  megabit  of 
bandwidth  per  ISP  even  though  ISPs  have 
multiple  pricing  tiers  depending  on  how 
many  megabits  customers  actually  use. 
Customers  had  to  estimate  a  single  fee  they 
hoped  approximated  the  actual  average 


* 

cost  and  enter  that  number  into 
GlobalRoute,  Richards  says. 

The  new  software  also  generates  reports 
for  IT  executives  who  want  to  avoid  wad¬ 
ing  through  log  files  to  capture  informa¬ 
tion  such  as  performance  and  cost  com¬ 
parisons  vs.  using  just  BGRthe  top  desti¬ 
nations  that  traffic  is  sent  to  and  which 
routes  are  least  stable.  The  software  cap¬ 
tures  this  information  and  displays  it  as 
charts  and  graphs. 

“Before,  there  was  some  cool  stuff  but  it 
was  more  detailed  than  might  be  need¬ 
ed  day  to  day.  It  was  hard  to  find  if  you 
didn’t  know  what  you  were  looking  for,” 
Richards  says. 

The  dashboard  displays  a  set  of  high-level 
reports  that  network  administrators  can 
use  to  monitor  network  performance.  “We 
leave  it  up  all  day  and  glance  at  it  from 
time  to  time,"  Richards  says. 

GlobalRoute  3.0  ships  with  new  gear  and 
is  a  free  upgrade  for  customers  with  ser¬ 
vice  contracts. 

Sockeye:  www.sockeye.com 


For  further  information, contact: 
NTT  Communications  Corporation, 
nttverio@ntt.com 
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Honesty 

It’s  part  of  the  return  on  investment  you  get  from  NTT/VERIO  global  services. 

Do  you  really  know  what  to  expect  from  your  telecom  and  IP  provider? 

With  NTT/VERIO  IP  and  managed  network  services  you  do.  As  one  of  the  world's 
largest  communications  providers,  our  promise  is  to  consistently  deliver  the  most  dependable  services 
in  the  world.  From  IP  connectivity  and  managed  network  to  hosting  services, 
our  commitment  is  to  do  whatever  it  takes  to  keep  our  customer  satisfied.  So  when  we  say  you  can  count  on  us, 

we  mean  it.  In  all  honesty. 

www.nttverio.com 


NTT /VERIO 


NTT  Communications  Group  Offices  Japan  •  USA  •  Brazil  •  UK  •  France  •  Germany  •  Netherlands  •  Spain  • 
Korea  •  China  •  Hong  Kong  •  Taiwan  •  Vietnam  •  Thailand  •  Indonesia  •  Singapore  •  Malaysia  •  Philippines  •  Sri  Lanka  •  Australia 

*  A  full  service  offering  may  not  be  available  in  some  areas. 

NTT  is  a  trademark  of  NIPPON  TELEGRAPH  AND  TELEPHONE  CORPORATION.  Verio  is  a  trademark  of  Verio  Inc.  All  other  referenced  product  names  are 
trademarks  of  their  respective  owners.  ©2003  NTT  Communications  Corporation 
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Microsoft  security:  Threat  or  menace? 

A 


couple  of  weeks  ago,  Network  World 
Fusion  reported  that  Microsoft  will 
l  release  an  add-on  security  package 
for  Windows  Server  2003  that  will  imple¬ 
ment  rights  management  policies  for  cor¬ 
porate  documents  (www.nwfusion.com, 


DocFinder:4626). 

“Companies  will  be  able  to  restrict  con¬ 
tent  copying,  forwarding  and  printing  in 
applications  such  as  portal,  email  and 
word-processing  software,”  the  story  says. 
It’s  touted  (by  Microsoft)  as  a  boon  to 
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The  world's  first  Enterprise  Media  Exchange. 
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Introducing  the  MX1200,  the  industry’s  most 
innovative  and  highly  integrated  enterprise 
communications  system.  It  finally  makes  VoIP  a 
viable,  mainstream  solution. 

The  MX1200  is  100%  based  on  open  standards, 
powered  by  Linux,  SIP,  and  VoiceXML.  This 
guarantees  flexibility  and  inter-operability  within 
your  network. 

All  administrative  functions  are  configured  using  one 
graphical  interface.  Users  of  the  system  can  make 
calls,  access  voice  mail,  determine  presence,  and  send 
instant  messages,  all  from  a  single  graphical  interface. 

Software  licenses  allow  the  system  to  grow  from  25  to 
1200  users  without  requiring  any  additional 
hardware  from  Zultys. 

To  learn  how  the  MX  1200  can  address  all  of  your 
enterprise  communications  needs  and  enhance  the 
productivity  of  your  business,  call  us  or  access  our 
web  site. 
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Zultys  logo  the  Zultys  mark,  and  MX 1200  are  trademarks  of  Zultys  Technologies  All  other 
are  the  property  of  their  respective  owners  02003  Zultys  Technologies  AH  rights  reserved 
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771  Vaqueros  Avenue 
Sunnyvale,  CA  94085 
USA 
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Fax:  +  1-408-328-0451 
Email:  zultys@zultys.com 


companies  that  wish  to  protect  their  confi¬ 
dential  documents,  but  it’s  seen  as  a  chill¬ 
ing  deterrent  to  muckrakers  who  use  a  cor¬ 
poration  s  secret  documents  to  reveal  crim¬ 
inal  activity  The  reality,  though,  is  that  it’s 
just  another  Microsoft  boondoggle  to  try  to 
monopolize  the  computing  industry 

The  protections  will  be  handled  by  a  new 
technology  called  Windows  Rights  Man¬ 
agement  (WRM),  based  on  the  not-yet-im- 
plemented  Extensible  Rights  Markup  Lang¬ 
uage  (XrML).So  far,  only  Microsoft,  Adobe 
and  a  few  of  their  closest  partners  support 
XrML. 

You’ll  also  have  to  purchase  new  versions 
of  the  Microsoft  document  producing 
applications  (the  Office  applications,  for 
sure,  but  most  likely  all  Microsoft  applica¬ 
tions  will  be  required  to  support  WRM) 
because  the  technology  is  not  retroactive. 

Of  course,  you  also  will  have  to  run 
Microsoft  operating  systems  exclusively 
because  WRM  is  part  of  the  server  operat¬ 
ing  system. 

The  documents  themselves  won’t  be  able 
to  control  their  own  distribution  without 
extensive  changes  to  the  macro  language 
they  use,  which  would  open  them  up  to 
even  more  egregious  virus  threats  than 
they  already  are  targeted  with. 

So  in  order  to  get  this  sense  of  security  (a 
false  one,  I  might  add, but  we’ll  get  to  that  in 
a  moment),  you  need  to  run  Microsoft 
operating  systems,  Microsoft  services  and 
applications  and  no  others.  Because,  you 
see,  defeating  the  secrecy  is  child’s  play  The 
most  obvious  way  is  through  photography 
—  if  I  can  see  the  document  on  screen,  I 
can  take  a  picture  of  it.  Worse  (or  better, 
depending  on  your  point  of  view),  I  can 
copy  and  paste  it.  Oh,  maybe  not  with  a 
Microsoft  operating  system,  but  its  really 
not  that  difficult  to  run  up  Linux  on  a 
machine  and  use  a  remote-control  service 
to  send  Windows  screens  to  my  Linux 
monitor,  where  a  couple  of  mouse  clicks 
put  the  details  of  the  document  into  a  per¬ 
fectly  portable  file. 

Is  securing  your  business  documents 
worth  the  price  of  a  100%  Microsoft 
monopoly  on  computing?  I  don’t  think  so, 
and  I  hope  you  don’t  either. 

Kearns,  a  former  network  administrator,  is 
a  freelance  writer  and  consultant  in  Silicon 
Valley.  He  can  be  reached  at  wired@ 
vquill.com. 


Tip  of  the  Week 


If  you  want  to  control  your 
Windows  servers  and  desk¬ 
tops  from  a  Linux  box,  check 

out  NetOp  from  Exsys  (www. 
exsys.co.il),  just  one  of  the 
applications  that  should  let 
you  thwart  Microsoft’s  forth¬ 
coming  Windows  Rights 
Management  technology. 


Sony  AIT  data  storage 


solutions  provide  a 
strategic  alternative  to 
linear  tape  formats. 

As  Robert  Frost  makes  clear  in  his  famous  poem,  "The 
Road  Not  Taken,"  picking  one  path  over  another  can  make 
all  the  difference.  While  Frost  had  other  topics  in  mind  at 
the  time,  his  point  is  nonetheless  applicable  to  today's 
companies  that  are  using  or  considering  linear  tape  formats 
such  as  DLT,  S-DLT  and  LTO  as  their  data  storage  solution. 

Legacy  formats  such  as  Digital  Linear  Tape  (DLT)  were  a 
reasonable  data  storage  alternative  in  the  past,  but  a  com¬ 
bination  of  new  business  challenges  and  new  technology 
choices  are  driving  many  companies  to  rethink  their  tape 
storage  path.  For  example,  conventional  DLT  systems  are 
approaching  the  end  of  their  useful  life  cycle,  with  no 
well-defined  way  to  add  capacity  without  upgrading  to  a 
new  format.  While  Super  DLT  (S-DLT)  and  Linear  Tape 
Open  (LTO)  systems  do  have  roadmaps  to  the  future,  nei¬ 
ther  format  offers  a  compatible  solution  that  can  span  the 
gamut  of  storage  needs,  from  the  entry  or  workstation 
level  up  to  the  "Super  Drive"  level.  In  addition,  upgrades 
require  a  media  change,  making  long-term  use  of  linear 
solutions  more  cumbersome  and  less  flexible. 


Perhaps,  as  Frost  suggests,  it's  time  to  consider  a  differ¬ 
ent  path.  Advanced  Intelligent  Tape™  (AIT)  data  storage 
solutions  from  Sony  provide  a  broader  range  of  capacities, 
increased  performance,  better  reliability,  easier  mainte¬ 
nance  and  a  more  strategic  path  to  the  future  than  the 
alternatives.  Organizations  choosing  the  AIT  path  will  find 
themselves  with  a  more  flexible  and  integrated  tape  stor¬ 
age  format  that  can  span  backup  needs  from  individual 
PCs,  to  workgroups,  to  the  enterprise. 

AIT  is  a  proven  storage  technology  with  years  of  suc¬ 
cessful  enterprise  deployments  behind  it.  First  appearing 
in  1996,  AIT  is  a  compact,  helical  scan  8MM  tape  format 
in  a  3.5-in.,  half-height  form  factor.  With  its  high  capacity 
(up  to  100GB  per  cassette),  speed  and  reliability,  AIT  is 
emerging  as  a  more  strategic  tape  storage  path  compared 


with  linear  formats  such  as  DLT,  S-DLT  and  LTO.  Consider 
the  following  advantages  of  AIT: 

•  Reliability  -  Consistent  operation  and  assured  relia¬ 
bility  are  two  critical  components  for  a  tape  storage  sys¬ 
tem.  AIT-3  drives  are  designed  for  a  mean  time  between 
failure  (MTBF)  of  up  to  400,000  hours  (compared  with 
DLT's  250,000  MTBF  rating)  and  a  100%  duty  cycle. 

In  contrast,  DLT-IV  media  is  notoriously  unreliable,  sub¬ 
ject  to  the  often  severe  leader  problems 
that  are  common  for  leader-based  tapes. 
AIT,  on  the  other  hand,  has  a  soft  loading 
system,  which  allows  it  to  load  the  media 
without  using  motors  or  levers.  This  great¬ 
ly  decreases  the  stress  on  the  tapes  and 
increases  the  longevity  of  the  media.  In 
fact,  AIT  can  even  perform  a  soft  load  from 
the  middle  of  the  tape. 

•  Performance  -  With  organizations 
facing  increasingly  larger  backup  volumes 
and  a  greater  need  for  faster  recoveries  for 
business  continuity,  drive  performance  is  critical.  For  large 
backup  applications,  AIT  compares  favorably  with  the 
higher  speeds  of  S-DLT  and  LTO.  But  for  interactive  appli¬ 
cations,  AIT  is  far  faster  because  of  its  superior  load,  seek 
and  rewind  times.  For  example,  AIT  has  a  39-second 
access  speed,  compared  to  80  seconds  for  S-DLT  and  LTO. 

•  Migration  Path  -  Currently  in  its  third  generation,  AIT 
has  a  defined  and  proven  roadmap  that  has  seen  perfor¬ 
mance  and  capacity  double  with  each  new  generation.  In 
addition,  all  three  generations  of  AIT  drives  available 
today  are  both  read  and  write  backward-compatible. 
S-DLT  drives,  on  the  other  hand,  can  not  write  to  DLT  car¬ 
tridges,  severely  limiting  their  usefulness. 

•  Industry  Support  -  AIT  was  created  by  Sony,  one  of 
the  co-inventors  of  the  Digital  Data  Storage  (DDS)  tape  for¬ 


mat,  and  AIT  is  an  open  technology  supported  by  more  than 
27  partners,  including  HP/Compaq,  Qualstar,  Advanced 
Digital  Information  Corp.  (ADIC)  and  Spectra  Logic.  In  addi¬ 
tion,  leading  backup  software  packages  such  as  Veritas 
Software's  Veritas  Backup  Exec  and  NetBackup,  Legato 
Systems'  NetWorker  and  Computer  Associates'  CA 
BrightStor  ARCserve  are  all  compatible  with  the  AIT  format. 

•  Size  -  In  backup,  less  is  more.  For  example,  AIT-3  pro¬ 
vides  at  least  250%  greater  capacity  than  DLT.  At  its 
1 00GB  capacity,  AIT  tapes  are  comparable  to  S-DLT  1 1 0GB 
and  LTO  100GB  models,  but  at  just  one-third  the  size. 
Simply  put,  this  means  it's  much  easier  to  use  AIT  for 
automation  and  tape  libraries  because  it  takes  up  so  much 
less  room.  In  fact,  many  companies  are  able  to  get  twice 
the  number  of  AIT  drives  in  a  given  library  compared  with 
traditional  half-inch  drives.  AIT  also  has  the  world's  first 
1 U  autoloader  (courtesy  of  its  low  power  consumption  and 
small  media  size),  making  it  the  perfect  fit  for  tight  loca¬ 
tions. 

Some  organizations  fear  that  switching  to  a  different 
backup  tape  format  will  be  difficult  and  costly.  But  it  can 
be  done  painlessly.  If  you  follow  a  standard  30-day  back¬ 
up  cycle,  most  of  your  organization's  data  will  be  on  newer 
AIT  tapes  within  a  month..  In  addition,  Sony  bundles 
NovaStor  migration  tape  copy  software  with  each  AIT 
tape  drive  or  library,  making  it  easy  to  copy  critical  or  fre- 
quently-used  tapes  from  other  formats  onto  AIT. 

Data  backups  should  be  there  when  you  need  them.  But 
you  shouldn't  have  to  dedicate  valuable  IT  personnel  to 
maintaining  finicky  tape  drives,  juggle  dozens  of  tapes  to 
find  what  you're  looking  for  or  wait  minutes  (or  hours  or 
days)  to  retrieve  valuable  data.  Sony's  AIT  data  storage 
solutions  enable  organizations  to  get  on  the  right  path  for 
compatible,  reliable  and  high-performance  tape  backup. 
AIT  is  simply  the  smart  investment. 


Tale  of  the  Tape 


Tape  format 

Digital  Linear  Tape  (DLT) 

Super  DLT  (S-DLT) 

Linear  Tape  Open  (LTO) 

Sony  Advanced  Intelligent  Tape  (AIT) 


Capacity 

10GB  to  40GB 
50GB  to  110GB 
100GB  to  200GB 
25GB  to  100GB 


Capacity/Performance 
High-end  network  and  enterprise 
backup/archiving 


Performance/Price  Focus 
Mid-range  network  backup/archiving 


DDS  Replacement 
Low-end  desktop  backup 


One  Platform: 

Full  Coverage 

Sony  AIT  is  the  only  technology 
that  covers  the  entire  backup 
and  archiving  spectrum. 


Learn  More  About 
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Sony  AIT  Solutions 


Download  the  free  white  paper,  "Sony  AIT:  A  New  Path  to  Business 
Value,"  and  learn  more  about  Sony  storage  solutions. 

Visit  www.nwfusion.com/sony/HLFNW 
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In  a  world  where  it’s  a  different  kind  of  threat  every  day,  you  need  a  different  kind  of  security. 

New  threats  can  blow  through  any  firewall  or  anti-virus  software.  That's  why  we  deliver  seamless  information  protection 
with  centralized  management  for  networks,  servers  and  desktops.  From  proactive  research  and  award-winning  software  to 
24/7  protection  and  response  services,  our  solutions  detect,  prevent  and  respond  to  attacks  and  misuse.  And  it's  all  backed  by 
the  X-ForceT  our  global  protection  services  organization.  Want  to  see  more?  Call  800-776-2362.  Or  visit  www.iss.net/nww. 
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■  PORTALS  ■  MESSAGING/GROUPWARE 

■  E-COMMERCE  ■  SECURITY 

■  NETWORK  MANAGEMENT  ■  DIRECTORIES 


■  MasterCard  International  in  the 

near  future  will  be  deploying  public- 
key  infrastructure  technology  from 
Baltimore  Technologies  for  the 

card-processor  association’s 
SecureCode  cardholder  authentic¬ 
ation.  Bruce  Rutherford,  vice  presi¬ 
dent  of  e-business  and  emerging 
technologies  at  MasterCard 
International,  says  the  Baltimore 
UniCERT  software  will  be  used  for 
security  in  various  ways.  These  in¬ 
clude  PKI  in  smart  cards,  the  3D 
Secure  program  for  Web-based 
authentication  between  the  mer¬ 
chant's  Web  sites  and  the  card 
issuer  using  a  Web  plug-in. 

Separately,  Visa  International 
and  the  Bank  of  China  in  Hong  Kong 
plan  to  start  using  a  two-way  mes¬ 
saging  technology  from  Mobileway 
for  secure  authentication  of  a  card¬ 
holder  making  a  transaction  on  a 
mobile  phone. 

■  BEA  Systems  is  offering  free  one- 
year-trial  development  licenses  for 
its  WebLogic  Enterprise  Plat¬ 
form,  a  package  that  bundles  a 
number  of  BEA’s  programming  and 
integration  tools.  The  free  trial  offer, 
announced  last  week  during  BEA’s 
annual  user  conference  in  Orlando, 
is  part  of  a  new  tiered-pricing  pro¬ 
gram,  dubbed  BEA  dev2dev 
Subscriptions.  Trial  users  are 
offered  a  12-month  software  license 
allowing  five  IP  connections,  for  non¬ 
production  use  only.  BEA  offers  two 
higher  subscription  levels. 

The  Platform  Edition  subscription, 
priced  at  $600,  includes  technical 
support,  quarterly  software  updates 
shipped  on  CD,  a  one-year  subscrip¬ 
tion  to  WebLogic  Developer's  Journal 
and  trial  software  from  BEA  part¬ 
ners.  BE A's Tools  Edition  subscrip¬ 
tion,  which  costs  $4,660,  includes 
everything  in  the  Platform  edition 
plus  a  license  for  Borland  Software’s 
JBuilder  8,  WebLogic  Edition  Java 
applications  development  software. 
The  Platform  and  Tools  Edition  sub¬ 
scriptions  do  not  expire.  Dev2dev 
subscriptions  are  available  at 
http://dev2dev.bea.com. 


Vendors  tackle  app  integration 


■  BY  ANN  BEDNARZ 


Middleware  competitors  IBM  and  BEA 
Systems  unveiled  separate  integration 
offerings  last  week,  each  aimed  at  reduc¬ 
ing  the  complexity  of  systems  integration 
projects. 

IBM  focused  on  adding  business  process 
management  (BPM)  features  to  its  inte¬ 
gration  suite,  so  customers  could  model 
and  monitor  business  operations.  BEA  set 
out  to  improve  developer  productivity  by 
providing  a  common  set  of  development 
tools  for  its  WebLogic  platform,  which 
includes  application  server,  portal,  enter¬ 
prise  application  integration  (EAI)  and 
workflow  software. 

IBM’s  additions  fill  out  its  WebSphere 
Business  Integration  portfolio.  New  fea¬ 
tures  let  users  model  and  simulate  how 
business  processes  will  flow  across  a  com¬ 
pany  then  extend  those  processes  across 
supplier  and  customer  systems,  and  mon¬ 
itor  their  execution,  IBM  says. 

The  suite  includes  two  new  modules 
derived  from  IBM’s  September  acquisi¬ 
tion  of  Holosofx:  WebSphere  Business 
Integration  Modeler  tackles  business 
process  modeling;  WebSphere  Business 
Integration  Monitor  keeps  track  of  opera¬ 
tions  and  includes  alerting  features  to 
warn  users  when  metrics  cross  certain 
thresholds. 

Combining  application  integration  tech¬ 
nology  and  BPM  features  in  a  single  plat¬ 
form  appeals  to  Food  Lion,  says  Carolyn 
Hager,  manager  of  e-business  at  the 
Salisbury,  N.C.,  grocery  retailer. 

“When  the  entire  package  comes  from 
one  vendor,  you  have  a  level  of  confi¬ 
dence  that  all  components  will  work 
together  in  a  reliable  and  consistent  man¬ 
ner/’  says  Hager,  whose  company  rolled 
out  WebSphere  Business  Integration  last 
summer  as  part  of  a  data  synchronization 
project. 

Food  Lion  plans  to  use  IBM  WebSphere 
Business  Integration  Monitor  to  keep  its 
business  processes  moving  quickly 
through  the  company  Hager  says.  “The 
alerting  system  will  help  us  detect  and 
eliminate  process  bottlenecks,” she  says. 

BEA,  meanwhile,  released  Version  8. 1  of 
its  WebLogic  Platform,  including  new  ver¬ 
sions  of  its  EAI, application  server  and  por- 


Web 

Applications 

Subscribe  to  our  free  newsletter. 
DocFinder  5434  www.nwfusion.com 


tal  products.  Central  to  the  upgraded  plat¬ 
form  is  BEA  WebLogic  Workshop  8.1,  a 
common  programming  framework  that 
lets  developers  work  on  multiple  projects 
from  within  the  same  development 
environment. 


For  example,  a  developer  could  build  an 
application  based  on  servlets,  JavaServer 
Pages  and  Enterprise  JavaBean  technolo¬ 
gies,  and  build  a  connector  to  an  external 
application  such  as  an  inventory  system, 
See  Integration,  page  28 


Tool  helps  users  create 
XML-formatted  documents 


■  BY  JOHN  FONTANA 

BEVERLY  MASS.  —  Altova  knows  there  is 
plenty  of  conversation  these  days  about 
integration  using  XML-formatted  data,  but 
the  company  would  rather  talk  about  how 
to  first  get  that  data  into  an  XML  format. 

Altova  recently  unveiled  Authentic  5,  a 
document  creation  tool  that  produces 
XML  formatted  data  and  is  similar  to  a 
word  processing  application.  The  tool  was 
part  of  the  company’s  XMLSpy  develop¬ 
ment  environment,  but  the  editor  now  is 
being  offered  as  a  stand-alone  application 
free  of  charge.  Users  still  need  tools  from 
Altova  to  create  the  XML-based  templates 
used  with  Authentic,  which  provides  a 
WYSIWYG  interface  to  document  authors. 

The  software  competes  with  tools  such  as 
Corel’s  XMetal  and  Arbotext’s  Epic  Center, 
and  a  handful  of  open  source  programs. 
Microsoft  also  is  introducing  an  XML  editor 
called  InfoPath  with  Office  2003. 

The  benefit  of  having  data  in  native  XML 
format  is  that  it  separates  the  content  from 
the  presentation  of  data.  That  makes  the 
data  easily  available  to  a  range  of  applica¬ 
tions,  including  Web  services,  and  devices, 
such  as  PDAs  and  smart  phones. 

“We  want  content  creators  to  concen¬ 
trate  on  content,  and  we’ll  worry  about 
presentation,”  says  Katya  Sadovsky,  project 
leader  in  the  Administrative  Computing 
Services  department  at  the  University  of 
California,  Irvine.  Sadovsky  helped  build 
the  university’s  SNAP  Portal,  a  gateway  to 
campus  administrative  services  for  em¬ 
ployees.  Various  departments,  such  as  hu¬ 
man  resources  and  accounting,  use  Au¬ 
thentic  to  create  content  for  the  site. 

“We  decided  when  we  were  creating  the 
portal  that  we  wanted  to  use  XML 
because  we  anticipated  having  to  provide 
the  content  to  many  different  devices,” 
Sadovsky  says.  “But  we  needed  a 


[Microsoft]  Word-like  interface  so  it  was 
easy  for  everyone  to  use.” 

Authentic  5  provides  that  simple  inter¬ 
face  and  is  supported  by  customized 
forms  where  users  enter  content.The  forms 
ensure  consistent  formatting.  When  end 
users  retrieve  the  data  contained  in  the 
forms  it  is  run  through  an  Extensible 
Stylesheet  Language  Transformation 


In  a  recent  IDC  report 


of  respondents  said  that 
supporting  industry-specific 
technology  standards,  such  as 
XML,  was  one  of  the  top  two 
issues  being  addressed  as  part 
of  enterprise  integration 


(XSLT)  engine,  which  formats  the  data  for 
the  end  user’s  device. 

The  only  drawback,  Sadovsky  says,  is 
that  delivery  of  the  XML  formatted  data  is 
slower  than  HTML  formatted  data  be¬ 
cause  of  the  XSLT  rendering. 

Authentic  is  available  in  a  desktop  or 
browser  plug-in  version.  The  browser  ver¬ 
sion  includes  two  options:  the  Placeholder 
Control  for  Microsoft’s  Content  Manager 
Server  2002  Server  and  an  ASP  .Net  Server 
Control,  which  let  the  tool  integrate  with 
CMS  applications  or  Visual  Studio  .Net,  re¬ 
spectively  Authentic  supports  Web  Distri¬ 
buted  Authoring  and  Versioning  for  docu¬ 
ment  management  over  the  Web, and  works 
with  XML  databases,  including  Oracle  91, 
Software  AG  Tamino  and  NeoCore  XMS. 

Altova:  www.altova.com 
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The  U.S.  Department  of  Health  and 
Human  Services  published  the  final 
Health  Insurance  Fbrtability  and  Ac¬ 
countability  Act  security  standards  on  Feb. 
13,  after  a  rather  long  gestation  period  that 
in  the  minds  of  many  privacy  advocates 
included  a  significant  watering  down  of 
the  regulations. 

The  H1PAA  regulations  run  about  6,500 
words  and  were  published  in  the  Federal 
Register  with  an  extended  commentary 
detailing  changes  resulting  from  responses 
to  earlier  versions. The  federal  government 
has  set  up  a  Web  site  dedicated  to  the  new 
rules  and  its  interpretation  (see  “National 
Standards  to  Protect  the  Privacy  of  Per¬ 
sonal  Health  Information”  at  www.hhs. 


Eventually  a  floor? 


gov/ocr/hipaa/). 

The  gist  of  these  rules  is  that  individuals 
must  give  their  consent  before  medical 
data  can  be  shared,  except  when  the  shar¬ 
ing  is  in  support  of  treatment,  payment  or 
healthcare  operations.In  addition, the  rules 
define  security,  administrative,  physical, 
technical,  organizational,  documentation 
and  policy  safeguards. 

In  general,  the  rules  look  reasonable,  but 
there  are  some  funnies.  For  example,  the 
use  of  encryption  is  not  required  for  data 
communications,  although,  as  the  Fre¬ 
quently  Asked  Questions  section  puts  it, 
“Covered  entities  are  encouraged, however, 
to  consider  use  of  encryption  technology 
for  transmitting  electronic  protected  health 
information,  particularly  over  the  Internet.” 

If  you  are  not  a  healthcare-related  busi¬ 
ness,  you  might  wonder  how  much  this 
new  set  of  rules  affects  you. Sure  it’s  good  to 
think  that  your  personal  healthcare  re¬ 
cords  might  not  be  quite  as  easily  accessi¬ 
ble  to  random  third  parties,  but  you  might 
think  that  these  rules  would  not  affect  your 


IT-related  day  job. You  might  just  be  wrong 
—  maybe  not  right  away  but  over  time  you 
could  be  quite  wrong  indeed. 

I  was  talking  to  an  auditor  friend  awhile 
ago  about  HIPAA,  and  he  pointed  out  a 
potentially  important  bit  of  history  One 
thing  that  the  U.S.  court  system  has  sought 
for  quite  awhile  is  a  solid  understanding  of 
what  should  be  considered  “reasonable 
care”  in  the  area  of  protecting  data  in  a  cor¬ 
poration.  What  systems,  procedures  and 
technologies  would  someone  who  wanted 
to  protect  corporate  data, such  as  customer 
credit  card  information,  employ?  Until  now 
there  has  not  been  agreement  on  what  that 
should  be. 

But  now  the  U.S.  government  has  come 
up  with  guidelines  that  define  just  what  a 
reasonable  person  should  do  to  protect  a 
particular  type  of  data.  My  friend  won¬ 
dered  if  the  courts,  driven  by  plaintiff’s 
lawyers,  would  start  to  use  these  guidelines 
in  cases  involving  other  types  of  data.  After 
all,  what  is  described  here  is  all  well  within 
the  state  of  the  art.  Why  shouldn’t  it  apply  to 
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all  important  data? 

There  is  no  way  to  tell  if  the  HIPAA  guide¬ 
lines  will  wind  up  becoming  the  basic 
rules  for  data  protection  —  a  floor  of  the 
range  of  options,  rather  than  the  top  as  they 
are  now.  But  for  those  of  us  who  worry 
about  protecting  privacy  it  might  not  be  a 
bad  thing  if  it  did  happen. 

Disclaimer: These  rules  could  move  from 
being  a  fact  of  life  for  med  school  gradu¬ 
ates  and  an  opportunity  for  law  school 
graduates  to  a  worry  for  business  school 
graduates.  But  1  did  not  ask  any  of  the 
schools  in  developing  this  musing. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


■  Find  out  how  HIPAA's  upcoming 
deadlines  are  causing  anxiety. 
PAGE  30. 


Collation  looks  to  ease 
application  management 


Integration 

continued  from  page  27 

using  the  same  tools.  Previous  versions  of 
WebLogic  required  separate,  unconnect¬ 
ed  tools  for  application  server  and  EAI 
work. 

BEA’s  adherence  to  Java  and  open- 
source  standards  is  one  of  the  reasons 
Jefferson  County,  Colo.,  chose  its  WebLogic 
Integration  (WLI)  product,  said  Dave 
Gallaher,  director  of  IT  for  the  county. 
“What  we  really  liked  was  WLI’s  adher¬ 
ence  to  the  [Java  2  Platform  Enterprise 
Edition]  standard,  particularly  the  [Java  2 
Platform  Enterprise  Edition  Connector 
Architecture]  standard,"  he  said. 

Jefferson  County  uses  the  WebLogic  plat¬ 
form  to  link  dozens  of  its  160  applications. 
Alternative  products  from  pure-play  EAI 
vendors  such  as  webMethods  and  Tibco 
were  too  expensive  and  too  proprietary 
for  Gallaher’s  taste. 

“To  be  absolutely  positively  married  for¬ 
ever  to  one  vendor  and  its  proprietary 
solution  —  in  the  era  of  downsizing  of  IT 
and  companies  going  away,  that’s  a  foolish 
decision,”  said  Gallaher,  who  spoke  last 
week  at  BEAs  eWorld  2003  user  confer¬ 
ence  in  Orlando. 

IBM  and  BEA  are  arch  rivals  in  the  Java- 
based  application  server  market.  Research 
firms  put  the  two  companies  in  a  near 
dead  heat,  with  each  owning  between 
30%  and  35%  of  the  market. 

In  terms  of  integration  offerings,  IBM  has 
a  broader  portfolio  of  products  than  BEA 
has.  IBM’s  WebSphere  line  includes 
mature  messaging  backbone,  event  bro¬ 
kers,  workflow  tools,  portal  software, 
process  modelers  and  adapters. 

However  BEA,  like  many  application 
server  vendors,  steadily  has  increased  its 
EAI  and  portal  features  over  the  last  cou¬ 
ple  of  years  as  competition  eroded  the 
apps  server  market.  And  it’s  making  signif- 


Integration  goals 

The  desire  for  adaptability  is  driv¬ 
ing  corporate  interest  in  systems 
integration  projects,  according 
to  an  IDC  survey  of  286  companies. 

Top  business  drivers  for  integration 

Respond  faster  to  changing  business  needs 

I  31.5% 

Improve  operational  productivity  of  employees 

■  1 27.3% 

Provide  better  service  to  customers 

27.3% 

long-run  cost  reduction 

■■■■■19.6% 

Improve  business  processes  with  partners 

■■■■H19.21. 

Note:  Multiple  responses  allowed. 


icant  progress,  says  John  Rymer,  vice  pres¬ 
ident  at  Giga  Information  Group.“BEA  has 
pushed  its  application  server  bundle  a  lot 
harder  and  faster  than  any  of  the  other 
vendors  out  there,”  he  says. 

BEA  also  has  distinguished  itself  by 
providing  the  common  Workshop  devel¬ 
opment  environment  for  its  entire  plat¬ 
form,  Rymer  says.  While  IBM  has  an 
enormous  variety  of  middleware.it  does¬ 
n’t  offer  a  single  development  model, 
he  says. 

“This  is  really  big  for  BEA,”  Rymer  says. 
“It’s  something  that  IBM  has  not  done.” 

IBM  WebSphere  Business  Integration 
Modeler,  WebSphere  Business  Integration 
Server  4.2  and  IBM  WebSphere  Business 
Integration  Monitor  will  be  available  later 
this  month. 

A  beta-version  release  of  BEA  WebLogic 
Workshop  8. 1  is  available  now.  Pricing  was 
not  available.  ■ 


■  BY  DENISE  DUBIE 

ORLANDO  —  A  management  software 
start-up  last  week  unveiled  a  product 
designed  to  automatically  discover  and 
monitor  configuration  changes  across  net¬ 
work  elements  that  support  business-criti¬ 
cal  applications. 

At  BEAs  eWorld  conference,  Collation 
introduced  Confignia,  which  can  map 
the  components  and  interdependencies 
among  the  databases,  switches,  routers, 
load  balancers,  Web  and  application 
servers  that  comprise  an  application  envi- 
ronment.The  software  also  records  config¬ 
urations  and  tracks  changes  made. 

Confignia  runs  on  a  Solaris  server  and 
uses  standard  protocols  such  as  SNMPJava 
Management  Extension,  HTTP  and  SQL  to 
query  network  devices,  databases,  load  bal¬ 
ancers, security  devices,  and  Web  and  appli¬ 
cation  servers  for  configuration  data. 

Companies  such  as  Collation,  and  its 
competitors  Dirig  and  Relicore,  provide 
autodiscovery  features,  which  can  reduce 
the  amount  of  time  it  takes  to  configure  the 
software. 

While  these  vendors  attack  the  problem 
with  different  approaches,  they  each  pro¬ 
vide  some  automation  to  a  typically  manu¬ 
al  process,  which  could  help  many  net¬ 
work  managers,  says  Audrey  Rasmussen, 
research  director  at  Enterprise  Manage¬ 
ment  Associates.  But  the  products  remain 
immature  at  this  point. 

“Now  they  do  the  discovery  and  the  map- 
ping.The  next  generation  should  move  into 
actual  management  capabilities,”  she  says. 

Kim  Ross, CIO  at  Nielsen  Media  Research, 


Bug  alert 

There  are  typically  five  to  15 
flaws  in  every  1,000  lines  of 
software  code,  and  simply 
tracking  down  each  bug  takes 
about  75  minutes,  according  to 
studies  by  the  Software 
Engineering  Institute  at 
Carnegie  Mellon  University  and 
the  U.S.  Department  of  Defense. 


says  he  deployed  Confignia  to  track  the 
relationships  between  system  components 
and  applications. 

“This  information  is  essential  to  doing  a 
good  job  of  managing  the  performance 
and  availability  of  applications,”  Ross  says. 
He  says  today’s  Java  2  Platform  Enterprise 
Edition  applications  and  multitiered  net¬ 
work  architectures  require  users  to  find  an 
automated  means  to  tracking  and  record¬ 
ing  configurations.  With  automated  up¬ 
dates,  the  software  shows  Ross’  staff  where 
any  changes  might  have  occurred,  which 
helps  to  more  quickly  determine  the 
source  of  application  problems. 

“This  information  would  be  impossible  to 
stay  on  top  of  without  a  tool  like  Confignia,” 
Ross  says.  Yet  he  wants  to  see  more  from 
Collation.  He  says  he’s  requested  Confignia 
include  more  depth  in  its  tracking  of 
Sybase  databases  and  Windows  servers. 

Pricing  for  Confignia  depends  on  net¬ 
work  configuration.  A  lOOserver  installa¬ 
tion  would  cost  about  $120,000  ■ 
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HEALTHCARE  SOFTWARE:  Regulatory  issues  abound 


HIPAA  deadline 

■  BY  ELLEN  MESSMER 

For  John  Hennessey,  sifting  and  sorting  through 

Health  Insurance  Portability  and  Accountability  Act 
regulations  has  been  a  large  ordeal. 

Hennessey  is  the  CIO  for  Dallas  County  which  con¬ 
tracts  with  the  University  of  Texas  Medical  division  to 
supply  healthcare  to  Texas  prison  system  inmates. 
Healthcare  organizations  across  the  country  face  an 
April  14  deadline  to  be  in  compliance  with  the  basic 
HIPAA  requirements,  federally  mandated  privacy  regula¬ 
tions  to  protect  patient  health  information. The  U.S. 
Department  of  Health  and  Human  Services  (HHS) 
issued  those  patient-data  privacy  guidelines,  as  ordered 
under  the  HIPAA  passed  by  Congress  in  1996.  Subject  to 
interpretation,  the  HIPAA  privacy  rules  demand  that  any 
company  providing  healthcare  services  —  and  any  of 
their  business  associates  handling  protected  patient 
data  —  apply  “administrative,  physical  and  technical 
safeguards”  to  ensure  confidentiality. 

“Every  time  HHS  has  had  a  ‘clarification,’  it  impacts 
another  area,”  Hennessey  says. 

Echoing  the  view  of  several  CIOs  questioned  about 
HIPAA,  Hennessey  worries  the  April  14  deadline  will 
lead  to  an  era  of  heightened  liability  if  patient  data  gets 
into  the  wrong  hands. 

“We’re  worried  about  being  held  liable  and  the  conse¬ 
quent  damages,”  Hennessey  says. 

At  Glenwood  Medical  Associates  in  Colorado,  where 
the  HIPAA  privacy  officer  reports  to  Director  of  IS  Bob 
Mirabito,  HIPAA  creates  similar  anxiety  because  it  seems 
to  “open  up  lawsuits  to  individuals”  after  April  14, 
Mirabito  says. 

At  Glenwood,  HIPAA  has  spurred  an  effort  to  identify 
gaps  in  department  procedures  concerning  access  to 
patient  electronic  records,  or  even  whether  proper  cau¬ 
tion  is  applied  when  faxing  a  document  to  a  doctor  out¬ 
side  the  hospital. The  Glenwood  privacy  policy  is  not 
more  than  five  pages  long,  but  it  was  developed  after 
polling  the  hospital  staff  with  150  questions.To  check 
whether  written  policies  have  been  carried  out,  Glen¬ 
wood  has  used  the  PbliVec  security  audit  tool. 

Many  vendors  have  sought  to  tailor  their 
products  in  some  way  to  meet  any  of 
HIPAAs  three  separate  guidelines  for 
Electronic  Data  Interchange,  Privacy  and 
the  recently  finalized  Security  regulation, 
which  will  go  into  effect  two  years  from 
now.  But  there  is  no  way  to  ensure  HIPAA 
compliance  in  products  however  many 
vendors  pitch  their  wares  that  way,  experts 
say.  So  healthcare  providers  tend  to  take 
any  such  statements  from  vendors  with  a 
grain  of  salt. 

Some  attorneys  say  fears  about  HIPAA  triggering  law¬ 
suits  against  hospitals  and  others  are  not  unfounded. 

"This  is  an  industry  sector  where  people  have  been 
concerned  about  privacy  already,  but  the  difference  with 
HIPAA  is  that  it  is  a  set  of  formalized  obligations,” says 
John  Christiansen,  counsel  with  law  firm  Preston,  Gates 
&  Ellis  of  Seattle.  As  of  April  14,  HHS  will  be  compelled 
to  investigate  any  complaints  the  agency  gets. 

The  goal  is  for  HHS  to  help  remedy  any  problems  it 
finds  —  and  not  file  charges.  But  the  HIPAA  regulations 


ups  healthcare 

do  allow  for  fines  up  to  $25,000  per  year,  per  type  of  vio¬ 
lation.  However,  making  a  good-faith  effort  and  applying 
due  diligence  on  HIPAA  does  a  lot  to  minimize  liability, 
Christiansen  says. 

Dallas  County  has  outsourced  its  IT  operations  to 
SchlumbergerSema,  which  has  provided  HIPAA  consult¬ 
ing.  Under  HIPAA,  healthcare  organizations  must  ensure 
that  business  associates  treat  sensitive  patient  data  with 
the  same  concern  as  the  healthcare  provider. This  has 
led  to  organizations  hammering  out  HIPAA 
data-privacy  contracts  with  doctors,  ven¬ 
dors  and  IT  service  providers,  too. 

“We’ll  be  entering  into  a  business  agree¬ 
ment  with  IBM,  our  IT  outsourcer,”  says  Greg 
Bard,  HIPAA  privacy  and  security  project 
manager  for  Atlanta’s  National  Account 
Services  Company  (NASCO),  which 
processes  more  than  80  million  claims  elec¬ 
tronically  each  year  among  Blue  Cross  and 
Blue  Shield  health-plan  providers,  and 
sometimes  supporting  their  patient  claims 
departments. 

Develop  policies 

“You  have  to  develop  policies  and  proce¬ 
dures  around  privacy  who  has  access  to 
information  —  or  it  could  be  e-mail,”  says 
Tommy  Gurganus,  NASCO’s  director  of  regulatory  com- 
pliance.“lf  you  e-mail  someone  with  information,  that’s 
covered  by  privacy’ 

Cuna  Mutual  has  decided  to  encrypt  all  e-mail  about 
healthcare  coverage,  including  to  outside  businesses,  by 
using  the  Zix  mail-encryption  desktop  client  and  en¬ 
cryption  gateway,  which  can  prevent  transmission  of 
mail  that  might  violate  the  patient-data  policy 

“Encryption  is  necessary  for  privacy  and  that’s  any¬ 
thing  beyond  just  someone’s  name,”  says  Tim  Burke, 
Cuna  Mutual’s  information  security  manager.“With  the 
ZixIT  plug-in  for  email,  instead  of  pushing  the  Send  but¬ 
ton,  you’ll  be  hitting  a  Send  Securely  button.” 

At  North  Shore  Long  Island  Jewish  Health  System  in 
Great  Neck,  N.Y,  which  has  18  hospitals  and  30,000 


employees,  the  HIPAA  privacy  regulations  have  triggered 
a  review  of  the  hospital  group’s  IT  systems,  which  in¬ 
creasingly  rely  on  wireless  LANs,voice-over-lP  phones 
and  Lightweight  Directory  Access  Protocol-based  direc¬ 
tories  to  gain  access  to  electronic  patient  data. 

HIPAA  privacy  rules  put  an  emphasis  on  audit  and 
access  control  to  protect  patient  data,  says  Brian  Dennis 
Gaon,  North  Shore’s  manager  of  information  systems 
security.  HIPAA  calls  for  a  best  effort,  and  to  Gaon,  that 
means  “industry  best  practices.” 


anxiety 

Two-factor,  or  strong  authentication  by  means  of  hand¬ 
held  tokens  to  generate  a  one-time  password,  is  widely 
considered  a  better  security  practice  than  reusable  pass¬ 
words.  North  Shore  elected  to  use  RSA  Security  Secure- 
ID  token  coupled  with  a  newer  software-based  token 
called  RSA  Mobile  ID  in  an  enterprise  trial  deployment. 
North  Shore  is  using  the  Novell  eDirectory  product  as 
the  metadirectory  for  patient  information,  with  Microsoft 
Active  Directory  as  the  directory  service. 

For  remote  access  to  the  North  Shore 
intranet  by  physicians  or  contractors,  the 
healthcare  company  requires  Cisco-based 
VPN  client  software.  North  Shore  recently 
decided  to  outsource  the  help  desk  for  the 
VPN  to  Aventail. 

North  Shore  also  intends  to  add  X.509  digi¬ 
tal  certificates  to  its  patient  bedside-registra¬ 
tion  system  so  that  a  digital  signature  can  be 
applied  to  every  use  of  electronic  patient 
record  to  keep  a  comprehensive  nonrep- 
utable  audit  trail  of  changes.“We’ll  ultimately 
be  encrypting  and  digitally  signing  e-mail, 
too,”  Gaon  says. 

Some  of  the  toughest  security  challenges 
appear  to  reside  with  wireless,  including 
Cisco  Aironet  wireless  LANs  and  SpectraLink 
voice-over-IP  phones,  which  are  starting  to  be 
used  in  the  hospitals.  With  some  dismay  Gaon  is  trying  to 
keep  up  with  the  myriad  and  ever-changing  wireless  LAN 
security  options  for  authentication  and  encryption, 
including  802.1  lx, Wired  Equivalent  Privacy,  Protected 
Extensible  Authentication  Protocol,  Cisco’s  Lightweight 
Extensible  Authentication  Protocol,  and  Extensible 
Authentication  Protocol-Transport  Layer  Security 

But  Gaon  has  no  misgivings  about  the  HIPAA  privacy 
rules,  which  set  a  national  baseline  for  protecting 
patient  privacy.  In  terms  of  a  patient’s  right  to  privacy 
“HIPAA  is  probably  the  greatest  thing  that’s  happened  in 
healthcare,”  Gaon  concludes. 

HIPAA  has  prompted  some  hospitals  to  rethink  pass¬ 
word  and  access-control  policies. 

“Audit  logs  are  going  to  push  HIPAA.  Every  time  some¬ 
one  accesses  [the  patient  record,]  we’ve 
got  to  know  what  they’ve  accessed,  when 
it  was  accessed  and  what  they  did,”  says 
Rick  Allen,  director  of  IS  operations  at 
Gwinnett  Health  Systems  in 
Lawrenceville,  Ala. The  organization  is 
changing  from  using  generic  network 
logons  to  individual  passwords  with  role- 
based  access. “So  if  you  are  a  nurse  in 
neurology,  there  are  things  you  can  see 
that  you  couldn’t  see  if  you  were  in 
OB/GYN,”  Allen  says. 

Some  hospitals  are  even  making  it  harder  for  hospital 
staff  to  peer  into  another’s  PCs.“We’re  adding  the  antiglare 
barrier  to  every  machine,”  Dave  McClain,  information  sys¬ 
tems  security  manager  at  Community  Health  Network. 

The  Indianapolis  hospital  group  also  is  using  the 
Vericept  content-monitoring  and  analysis  appliance  to 
scan  data  leaving  its  network, so  it  can  identify  patient- 
health  information  that  might  be  going  to  the  Internet. 

“For  us,  the  senior  physician  and  the  CIO  are  setting 
the  course  for  HIPAA,”  McClain  says.  ■ 


1 1  HIPAA  is  probably  the  greatest  thing  that's 
happened  in  healthcare.  91 

Brian  Dennis  Gaon 

Manager  of  information  systems  security,  North  Shore  Long  Island 
Jewish  Health  System 


HIPAA  creates  anxiety 
because  of  potential 
lawsuits,  says  Bob 
Mirabito,  director  of  IS 
at  Glenwood  Medical 
Associates. 


At  CDW,  we  don't  build  technology.  Instead,  we  focus  on  giving  customers 


the  best  technology  buying  experience  possible  -  from  a  warehouse  full  of 


brand  name  products  to  partnerships  with  manufacturers  to  a  state-of- 


the-art  distribution  system.  We  ensure  you  get  the  products,  value  and 
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speed  of  delivery  you're  looking  for.  It's  a  better  way  to  buy  technology. 


As  the  world  leader  in  Internet  security,  Check  Point’s™  integrated  security  solutions  Connect,  Protect, 
Manage  and  Accelerate  the  network  security  of  more  than  1 00  million  users  worldwide. 


CONNECT.  Leading  global  companies  rely  on  Check  Point  VPN 
solutions  to  connect  employees  and  offices  everywhere.  Regardless  of 
where  business  happens— even  in  the  most  remote  locations  —  people 
and  companies  are  securely  connected  to  their  critical  information. 


PROTECT.  Check  Point’s  fail-safe  firewall  infrastructure  provides 
the  highest  level  of  security  for  every  network  from  the  edge  to  the 
core.  Our  authentication,  access  control,  and  content  security  features 
have  become  the  trusted  global  industry  standard. 


Check  Point’s  revolutionary  Security  Management 
Architecture  (SMART-)  lets  you  instantly  deploy  and  distribute  security 
policies  regardless  of  user  location.  All  aspects  of  network  security  can 
be  defined  and  managed  from  a  single  console  dramatically  reducing 
your  total  cost  of  ownership. 


ACCELERATE.  Check  Point’s  VPN  and  firewall  solutions  deliver 
wire-speed  performance  up  to  three  times  faster  than  other  network 
solutions.  Now  you  can  maintain  absolute  network 
security  without  sacrificing  the  performance  of  business- 
critical  applications  or  bogging  down  your  network. 


Checkpoint 
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Find  out  the  latest  in  Internet  security  by  downloading  our  white  paper  “Building  Secure  Wireless  LANs” 
at  www.checkpoint.com/wireless/nww  or  call  (866)  488-6686. 


We  Secure  the  Internet. 
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■  WIRELESS  ■  REGULATORY  AFFAIRS 


AT&T,  Aventail  tout 
SSL  VPN  service 


■  BY  DENISE  PAPPALARDO 

AT&T  is  teaming  with  Aventail  to  offer 
what  the  companies  say  is  a  more  flexible 
VPN  choice  for  remote  and  extranet 
access. 

AT&T  is  expected  to  announce  this  week 
that  it  is  reselling  Aventail’s  Secure  Sockets 
Layer  (SSL)  VPN  service.The  offering  would 
let  customers  extend  the  reach  of  VPNs  to 
business  partners  and  remote  users. 

SSL  offers  an  additional  level  of  flexibility 
because  it  authenticates  at  the  application 


for  business-to-business  environments. 

SSL  support  also  would  make  it  easier 
for  AT&T  to  roll  out  Wi-Fi  wireless  LAN 
support.  “It  will  likely  happen  in  the  not 
too  distant  future,” says  Jonathan  Cohen, 
director  of  IP  VPN  strategy  at  AT&T. 

The  carrier  hinted  that  it  would  be 
working  with  start-up  Cometa  Networks 
to  support  a  bundled  Wi-Fi  VPN  access. 
Cometa  is  a  joint  venture  between  AT&T 
Wireless,  IBM  and  Intel  that  plans  to  build  a 
nationwide  network  of  wireless  access 
points. 
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Customer  service  VP 
at  WorldCom  sees 
brighter  days  ahead 


Your  company  is  in  bankruptcy,  under  investiga¬ 
tion  by  the  Securities  and  Exchange  Commission 
and  mentioned  in  the  same  breath  with  Enron  as  an  example  of 
corporate  malfeasance.  Your  customers  are  nervous  if  not  unhappy. 
And  your  job  is  senior  vice  president  of  customer  service.  Welcome 
to  the  life  ofWorldCom’s  Sonny  Evans,  who  recently  spoke  with 
Network  World  Senior  Editor  Denise  Pappalardo  about  how  his 
department  has  —  and  has  not  —  changed  during  all  of  the  tumult 
since  last  summer. 


Are  there  things  that  have  changed  within  customer  service  since  August? 

One  of  the  biggest  things  is  the  focus  on  the  customer.  We  are  streamlin¬ 
ing  our  product  portfolio  and  contracts. . .  .There’s  a  big  focus  on  the  small 
to  midsize  business  organizations.  Field  customer  service  and  sales  folks 
were  assigned  to  higher-end  customers  in  the  past.  Now  customer  service 
centers  are  assigning  all  those  customers  to  individual  reps.  We’re  calling 
them.  We’re  touching  base  trying  to  tell  them  about  new  products  and  ser¬ 
vices.  . .  .Virtually  every  customer  has  someone  assigned  to  them. 

Streamlining  WorldCom's  products  and  contracts,  are  those  new  initiatives? 

They’ve  been  ongoing.  Rarely  do  we  have  many  problems  with  cus- 
tomers.The  biggest  issue  they  bring  up  is  with  their  invoice  and  the  presen¬ 
tation  of  their  invoice.  Depending  on  the  product  set  they  have,  the  invoic¬ 
es  can  get  complex.  We’re  making  a  concerted  effort  to  streamline  and  sim¬ 
plify  the  products  from  a  marketing  standpoint  with  a  strong  commitment 
to  improving  the  billing  process  and  invoice  presentation. 

Have  inquiries  from  customers  about  WorldCom's  financial  health  increased? 

Specific  questions  that  come  in  are  service-related  and  billing-related.  In 
July  and  early  August  there  were  some  questions  about  the  company’s  situ¬ 
ation.  Any  questions  specifically  regarding  our  financials  were  forwarded  to 
investor  relations.  But  we  don’t  get  questions  like  that  any  longer. 


undisclosed  amount  of  stock  and 
assumption  of  debt.  FNSI's  approxi¬ 
mately  400  customers  are  in  Ohio, 
Michigan  and  Pennsylvania.  All  FNSI 
customers  will  be  transferred  onto 
Cogent's  national  backbone.  Since 
Cogent’s  inception  in  2000,  it  has  com¬ 
pleted  six  acquisitions,  including  the 
purchase  of  ISP  PSINet  last  year. 

■  Cidera,  a  satellite-streaming  and 
content-distribution  service  provider, 


■  SBC  has  launched  a  new  pricing 
scheme  for  small  businesses,  letting 
users  create  customized  service  bun¬ 
dles  that  could  include  local,  long-dis¬ 
tance,  Internet  access,  wireless  and 
Web  hosting.  Small  businesses  also 
will  have  access  to  steeper  discounts, 
saving  up  to  40%  on  some  options. 
The  more  elements  customers  buy 
for  their  bundle,  the  more  the  cus¬ 
tomer  would  save,  SBC  says. 


Has  WorldCom  put  its  customer  service  agents  through  training  on  how  to  deal 
with  questions  about  the  bankruptcy? 

There  has  been  training.  Early  on,  there  were  daily  updates.  Now  we 
receive  updates  on  an  ongoing  basis  from  [CEO]  Michael  Capellas  on  our 
Web  site  regarding  his  100-day  plan,  including  milestones. 

How  challenging  is  it  for  WorldCom  to  operate  its  customer  service  department 
with  fewer  employees? 

It  really  hasn’t  been  too  challenging.  We  focused  on  streamlining  process¬ 
es  and  procedures;  we  realigned  common  work  tasks  from  several  major 
centers. There  were  multiple  things  such  as  repair  that  were  at  numerous 
locations.  We’ve  looked  at  streamlining  that  process  and  bringing  it  into 
fewer  locations.  We’ve  done  the  same  with  our  call-center  activity . .  .There’s 

See  WorldCom,  page  34 
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AT&T,  Aventail  tout 
SSL  VPN  service 


■  BY  DENISE  PAPPALARDO 

AT&T  is  teaming  with  Aventail  to  offer 
what  the  companies  say  is  a  more  flexible 
VPN  choice  for  remote  and  extranet 
access. 

AT&T  is  expected  to  announce  this  week 
that  it  is  reselling  Aventail’s  Secure  Sockets 
Layer  (SSL)  VPN  service.The  offering  would 
let  customers  extend  the  reach  of  VPNs  to 
business  partners  and  remote  users. 

SSL  offers  an  additional  level  of  flexibility 
because  it  authenticates  at  the  application 
level,  while  IP  Security  (IPSec),  which  AT&T 
also  offers,  authenticates  at  the  network 
layer,  says  Steven  Harris,  analyst  at  IDC. 

“SSL  works  best  for  extranet  connectivity 
where  a  business  may  only  want  to  give  a 
user  access  to  certain  Web-based  applica¬ 
tions,”  he  says. “But  for  users  that  need  full 
LAN  access,  IPSec  is  the  better  choice.” 

Because  SSL  initiates  a  session  for  each 
application  a  user  accesses,  it  would  be 
cumbersome  to  use  SSL  for  remote  users 
who  might  need  to  access  many  applica¬ 
tions  on  a  corporate  LAN,  Harris  says. 

IPSec  VPN  access  requires  that  users 
deploy  a  software  client  on  their  laptop  or 
desktop.  SSL  VPN  access  lets  users  access  a 
VPN  using  a  standard  Web  browser,  which 
adds  another  level  of  flexibility  especially 


for  business-to-business  environments. 

SSL  support  also  would  make  it  easier 
for  AT&T  to  roll  out  Wi-Fi  wireless  LAN 
support. “It  will  likely  happen  in  the  not 
too  distant  future,” says  Jonathan  Cohen, 
director  of  IP  VPN  strategy  at  AT&T. 

The  carrier  hinted  that  it  would  be 
working  with  start-up  Cometa  Networks 
to  support  a  bundled  Wi-Fi  VPN  access. 
Cometa  is  a  joint  venture  between  AT&T 
Wireless,  IBM  and  Intel  that  plans  to  build  a 
nationwide  network  of  wireless  access 
points. 

Aventail  supports  the  SSL  VPN  service  by 
deploying  an  appliance  at  a  customer’s 
site,  which  it  manages  from  its  network 
operating  center  (NOC).  Users  access  the 
VPN  from  any  Internet  connection  and  are 
authenticated  at  the  SSL  appliance,  where 
a  session  is  initiated. 

While  Aventail  will  support  the  offering, 
AT&T  will  bill  users  directly  for  the  SSL  VPN 
service.The  companies  say  AT&T  will  even¬ 
tually  deploy  Aventail  gear  within  its  own 
NOC  to  provision  and  support  customers 
on  its  own,  but  no  timetable  has  been 
established. 

AT&T  says  it  has  been  looking  at  adding 
SSL  VPN  access  to  its  security  service  pack¬ 
age  since  last  year.  And  in  this  case,  the 

See  AT&T,  page  34 


Takes 


■  Cogent  Communications  recently 
picked  up  the  Internet  business  of 
access  and  collocation  provider  Fiber 
Network  Solutions  Inc.  for  an 

undisclosed  amount  of  stock  and 
assumption  of  debt.  FNSI's  approxi¬ 
mately  400  customers  are  in  Ohio, 
Michigan  and  Pennsylvania.  All  FNSI 
customers  will  be  transferred  onto 
Cogent’s  national  backbone.  Since 
Cogent's  inception  in  2000,  it  has  com¬ 
pleted  six  acquisitions,  including  the 
purchase  of  ISP  PSINet  last  year. 

■  Cidera,  a  satellite-streaming  and 
content-distribution  service  provider, 


recently  shut  down  its  services  for  29 
hours  because  of  financial  prob¬ 
lems.  Cidera  says  it  is  renegotiating 
a  long-term  financing  deal.  It  offers  a 
Usenet  news  service,  two  caching 
services  and  a  streaming  media  ser¬ 
vice  to  ISPs.  According  to  published 
reports,  Cidera  has  about  150  small 
and  midsize  ISP  customers. 

■  SBC  has  launched  a  new  pricing 
scheme  for  small  businesses,  letting 
users  create  customized  service  bun¬ 
dles  that  could  include  local,  long-dis¬ 
tance,  Internet  access,  wireless  and 
Web  hosting.  Small  businesses  also 
will  have  access  to  steeper  discounts, 
saving  up  to  40%  on  some  options. 
The  more  elements  customers  buy 
for  their  bundle,  the  more  the  cus¬ 
tomer  would  save,  SBC  says. 


Customer  service  VP 
at  WorldCom  sees 
brighter  days  ahead 


Your  company  is  in  bankruptcy,  under  investiga¬ 
tion  by  the  Securities  and  Exchange  Commission 
and  mentioned  in  the  same  breath  with  Enron  as  an  example  of 
corporate  malfeasance.  Your  customers  are  nervous  if  not  unhappy. 
And  your  job  is  senior  vice  president  of  customer  service.  Welcome 
to  the  life  ofWorldCom’s  Sonny  Evans,  who  recently  spoke  with 
Network  World  Senior  Editor  Denise  Pappalardo  about  how  his 
department  has  —  and  has  not  —  changed  during  all  of  the  tumult 
since  last  summer. 


Are  there  things  that  have  changed  within  customer  service  since  August? 

One  of  the  biggest  things  is  the  focus  on  the  customer.  We  are  streamlin¬ 
ing  our  product  portfolio  and  contracts. . .  .There’s  a  big  focus  on  the  small 
to  midsize  business  organizations.  Field  customer  service  and  sales  folks 
were  assigned  to  higher-end  customers  in  the  past.  Now  customer  service 
centers  are  assigning  all  those  customers  to  individual  reps. We’re  calling 
them.  We’re  touching  base  trying  to  tell  them  about  new  products  and  ser¬ 
vices.  . .  .Virtually  every  customer  has  someone  assigned  to  them. 

Streamlining  WorldCom's  products  and  contracts,  are  those  new  initiatives? 

They’ve  been  ongoing.  Rarely  do  we  have  many  problems  with  cus- 
tomers.The  biggest  issue  they  bring  up  is  with  their  invoice  and  the  presen¬ 
tation  of  their  invoice.  Depending  on  the  product  set  they  have,  the  invoic¬ 
es  can  get  complex. We’re  making  a  concerted  effort  to  streamline  and  sim¬ 
plify  the  products  from  a  marketing  standpoint  with  a  strong  commitment 
to  improving  the  billing  process  and  invoice  presentation. 

Have  inquiries  from  customers  about  WorldCom's  financial  health  increased? 

Specific  questions  that  come  in  are  service-related  and  billing-related.  In 
July  and  early  August  there  were  some  questions  about  the  company’s  situ¬ 
ation.  Any  questions  specifically  regarding  our  financials  were  forwarded  to 
investor  relations.  But  we  don’t  get  questions  like  that  any  longer. 

Has  WorldCom  put  its  customer  service  agents  through  training  on  how  to  deal 
with  questions  about  the  bankruptcy? 

There  has  been  training.  Early  on,  there  were  daily  updates.  Now  we 
receive  updates  on  an  ongoing  basis  from  [CEO]  Michael  Capellas  on  our 
Web  site  regarding  his  100-day  plan,  including  milestones. 

How  challenging  is  it  for  WorldCom  to  operate  its  customer  service  department 
with  fewer  employees? 

It  really  hasn’t  been  too  challenging.  We  focused  on  streamlining  process¬ 
es  and  procedures;  we  realigned  common  work  tasks  from  several  major 
centers.There  were  multiple  things  such  as  repair  that  were  at  numerous 
locations.  We’ve  looked  at  streamlining  that  process  and  bringing  it  into 
fewer  locations.  We’ve  done  the  same  with  our  call-center  activity. . .  .There’s 

See  WorldCom,  page  34 
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continued  from  page  33 

carrier  says  it  made  more  sense  for  AT&T  to 
team  with  a  company  that’s  been  working 
with  SSL  since  1997  than  to  build  a  service 
from  the  ground  up. 

AT&T  was  losing  revenue  by  not  offer¬ 


ing  a  second  VPN  access  method  that  is 
more  flexible  than  IPSec,  Cohen  says. 

“Professionals  behind  another  [compa¬ 
ny’s]  firewall  could  have  network  address 
translation  problems  or  protocol  block¬ 
ing  problems,”  he  says. 

The  new  service  is  expected  to  be  avail¬ 
able  in  the  second  quarter. 


AT&T  would  not  reveal  how  much  it 
will  charge,  but  says  pricing  would  be 
similar  to  Aventail’s. 

Aventail  charges  $2.75  per  user,  per 
month  for  a  company  that  has  2,000  users. 
The  service  provider  charges  $1.75  per 
user,  per  month  for  a  company  that  has 
10,000  users.  ■ 


Q  A 

WorldCom 

continued  from  page  33 

no  way  we  are  going  to  compromise 
our  service  with  reductions.  We 
understand  the  customer  is  the  cor¬ 
nerstone  of  customer  service  and 
everything  that  we  do. 

Even  with  the  10,000  layoffs?  Aren't 
customers  asking  how  their  service  will 
be  affected? 

1  don’t  believe  there  has  been  an 
impact  from  a  negative  standpoint. 
If  anything  it’s  better  than  it  has 
ever  been. There  are  not  a  lot  of 
questions  that  we  get  from  custo¬ 
mers  about  degradation  in  service. 
Most  of  the  customer  feedback  is 
that  service  has  never  been  better. 

How  is  it  better  when  there  are  fewer 
people  supporting  the  network  and  the 
company?  You  talk  about  streamlining 
operations.  Is  it  that  you're  just  operat¬ 
ing  smarter  now? 

You  have  to  look  at  where  these 
people  were  reduced.  Financial-type 
organizations  have  had  reductions. 
Customer  service  has  had  some 
reductions.  But  we  had  a  lot  of  folks 
out  there  in  a  lot  of  different  loca¬ 
tions,  and  at  one  point  there  were 
more  sales  channels  than  there  are 
today  We  realigned  the  customer  ser¬ 
vice  organization  with  fewer  sales 
channels.  We  had  some  duplicate 
functions. There  were  multiple  order- 
entry  folks  out  there. The  same  with 
provisioning,  the  same  with  cus¬ 
tomer  service,  and  a  lot  of  those 
things  have  been  collapsed  and 
consolidated. 

What  is  the  philosophy  within  your 
department?  Is  the  attitude  much 
different? 

I  don’t  think  the  attitude  is  that 
much  different. The  customer  ser¬ 
vice  organization  has  always  been 
driven  to  do  whatever  it  takes  to 
take  care  of  the  customer. There  is 
policy  and  procedure,  but  we  use 
them  as  more  of  a  guideline.  It’s 
not  ‘you  don’t  step  outside  of  this 
box’  If  they  make  a  mistake, so  be 
it.  They  learn  from  it,  and  we  move 
on. 

Do  you  think  you  have  one  of  the  tough¬ 
est  jobs  in  telecom? 

It’s  a  tough  job,  but  it  has  always 
been  a  tough  job  to  try  to  be  the 
best  in  the  industry.  I’ve  been  with 
the  company  for  18  years,  and  the 
focus  I’ve  had  has  always  been  on 
the  customer  and  the  focus  from 
the  company  has  always  been  on 
the  customer.  ■ 
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The  real  problem  with  those  ‘crybaby  Bells' 


You’ll  recall  that  baby  Bells  have  been 
lobbying  for  years  to  undo  the  FCC- 
mandated  discount  rates  they  must 
charge  other  carriers  for  use  of  their  facili¬ 
ties.  The  Bells’  argument  is  that  these  artifi¬ 
cially  low  rates  unfairly  depress  earnings 


and  favor  competitors. 

The  FCC  recently  ruled  that  individual 
states  could  continue  to  mandate  these 
rates.  The  Bells  cried  foul  and  let  it  be 
known  that  they  would  not  be  making  fur¬ 
ther  investments  in  telecom  equipment  as 
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returns  to  Boston  in  2003,  providing  a  unique  educational  program,  marketplace  and  meeting  place  focused 


a  result  of  the  ruling.  FCC  Chairman 
Michael  Fbwell  reportedly  responded  by 
calling  the  Bells  “crybabies”  and  declaring 
himself  tired  of  the  “passion  play  between 
billion-dollar  self-interested  actors.” 

In  past  columns  I’ve  said  the  Bells’  posi¬ 
tion  lacks  integrity,  and  I’m  not  happy  with 
the  FCC’s  halfway  concessions  to  the  Bells. 

But  what  really  bugs  me  is  instead  of  in¬ 
vesting  in  new  ways  to  grow  their  business, 
the  Bells  are  spending  millions  of  dollars 


How  about  instead  of 
wasting  millions  on  pas¬ 
sion  plays,  the  Bells 
were  to  invest  those 
same  millions  on  their 
host  offerings? 


on  the  current  trends  and  innovations  in  technology  for  the  life  sciences. 
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on  lawyers  and  lobbyists  to  protect  a  rev¬ 
enue  stream  that’s  hopelessly  out  of  date. 
Last  year  the  number  of  local  loop  circuits 
sold  had  dropped  for  the  first  time  in  histo¬ 
ry  You’d  think  the  Bells  would  figure  out 
that  consumer  dial-up  service  isn’t  exactly 
the  wave  of  the  future. 

Here’s  an  example  of  what  the  Bells 
should  think  about:  My  company  recently 
needed  to  switch  Web  hosting  providers. 
One  of  the  primary  selection  criteria  was 
24-7  telephone  customer  service.  Cost- 
effectively  operating  a  quality  call  center  is 
a  specialized  skill,  so  we  looked  for  com¬ 
panies  with  known  abilities  in  this  area. 

You’d  think  the  Bells  would  dominate  this 
market, yet  they  don’t  even  show  up  on  the 
map.  Oh,  every  one  of  them  offers  hosting 
—  but  none  of  their  offerings  make  it  to  the 
top  25  of  hosting  services,  and  their  prices 
are  high  compared  with  the  top-tier 
providers,  with  no  clear  justification  for  the 
price  differential. 

That  tells  me  that  either  the  Bells’  Web 
hosting  offerings  aren’t  competitive  or 
they’re  not  doing  a  good  enough  job  mar¬ 
keting  them. 

How  about  instead  of  wasting  millions  of 
dollars  on  passion  plays,  the  Bells  were  to 
invest  those  same  millions  on  their  hosting 
offerings?  It’s  a  multibillion-dollar  market 
that’s  predicted  to  grow  between  80%  and 
90%  year  over  year  for  the  next  several 
years,  even  in  the  current  economic  envi¬ 
ronment.  And  the  bulk  of  the  growth  will  be 
in  the  small-to-midsize  customer  market  — 
a  base  that  the  baby  Bells  should  have 
locked  up. 

Listen  up, you  crybaby  Bells:  Quit  whining 
and  get  out  there  and  compete  in  the  free 
market.  You  might  not  be  used  to  it,  but 
you’ll  get  the  hang  of  it  if  you  try 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Now  you  can  know 
what,  when,  where 
and  how  data  change 
has  occurred. 


Tripwire®  assures  the  integrity  of  your  data 
and  gives  you  the  ability  to  effectively  pinpoint 
and  manage  undesired  change  across  all  your 
servers  and  network  devices.  By  establishing 
a  baseline  of  data  in  its  known  good  state, 
Tripwire  software  monitors  and  reports  any 
changes  to  that  baseline  and  enables  rapid 
discovery  and  recovery  when  an  undesired 
change  occurs. 

Maximize  System  Uptime 

■  Identify  change  quickly 

■  Enable  quick  restoration  to  a  desired  state 

■  Eliminate  risk  and  uncertainty 

Failsafe  Foundation  for  Data  Security 

■  Ensure  the  integrity  of  your  data 

■  Enable  detailed  audit  reporting 

■  Granular  visibility  and  control 


Tripwire’s  data  integrity  assurance  solutions 
are  the  only  way  to  have  100%  confidence 
that  your  systems  remain  uncompromised. 

In  the  event  of  a  change  in  state,  you’ll  know 
exactly  what,  when,  where  and  how  change 
has  occurred  so  you  can  recover  quickly. 

For  a  FREE  30-day  fully-functional  demo 
and  copy  of  the  white  paper  “Data  Integrity 
Assurance  in  a  Layered  Security  Strategy... 

call  toll-free:  1 -800-TRIPWIRE  (874.7947) 
or  visit  http://networld.tripwire.com  today! 


Lower  Costs  and  Frustration 

■  Greatly  reduces  the  time  it  takes  to 
find  and  diagnose  problems 

TMMiriDf 
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THE  DATA  INTEGRITY  ASSURANCE  COMPANY 


©  Copyright  2003.  Tripwire  and  the  Tripwire  logo  are  registered  trademarks  of  Tripwire,  Inc. 


OptiView  Wireless  Network  Analyzer 


With  only  a  couple  hundred  bucks  worth  of  wireless 
gear,  war  drivers  can  pull  up  to  your  building  and 
hack  your  network  by  catching  RF  waves  from 
wireless  devices  inside.  Your  employees  may  even 
be  making  it  easier  for  them  by  installing  unauthorized 
access  points.  If  you  think  WEP  protects  you,  think 
again.  It's  child's  play  for  techno  geeks.  So  how  do 
you  nab  them?  Get  the  WaveRunner"  pocket-sized 
wireless  security  guard.  It  instantly  locates  unautho¬ 
rized  users  on  screen.  Or  check  out  our  OptiView 
Wireless  Network  Analyzer?  the  only  tool  to  support 
10/100/1000  and  now  wireless  Ethernet.  Either  way, 
you'll  have  total  Supervision  to  catch  war  drivers 
red-handed.  More  good  news.  The  ultimate  wireless 
reference  poster  is  now  available. 


See  an  amazing  virtual  demo  right  now  at 
www.f  lu  ken  etwo  r  ks.  co  m /  wi  re  less 


NETWORKSUPERVISION™ 
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NetworkWorld  m 


Fortinet  revs  its  security  gear 

Multifunction  device  packs  4G  bit/sec  firewall  potential. 


■Takes 

■  It’s  not  a  new  name  in  telecom,  but 
UTStarcom  is  making  an  attempt  to 
become  a  better-known  name  around 
the  world.  The  company  is  buying  all 
the  telecom  gear,  patents  and  ser¬ 
vice  and  support  contracts  that 
3Com  subsidiary  CommWorks 
owned  for  $100  million.  UTStarcom, 
which  conducts  most  of  its  business 
in  China,  where  telecom  spending  is 
strong,  says  it  hopes  it  can  parlay 
CommWorks’  customer  list  into  more 
business  for  itself.  CommWorks  says 
it  has  17  of  the  20  largest  carriers  in 
the  world  as  its  customers,  including 
AT&T,  BellSouth,  Qwest,  Sprint, 
Verizon  and  WorldCom. 

■  Sprint  says  it  will  use  the  Tellabs 
7100  optical  transport  switch  in  net¬ 
works  in  Florida  and  North  Carolina 
to  provide  services  such  as  Gigabit 
Ethernet  that  are  based  on  entire 
wavelengths  of  light.  The  device  sup¬ 
ports  dense  wavelength  division  mul¬ 
tiplexing  up  to  64  separate  band- 
widths  of  light  onto  one  fiber.  The 
7100  uses  parallel  filters  and  power 
balancing  so  wavelengths  can  be 
added  to  a  fiber  without  disrupting 
those  already  running  through  it. 
Without  these  features,  adding  wave¬ 
lengths  interferes  with  those  already 
on  the  fiber,  requiring  manual  re-engi¬ 
neering  of  each  hop  in  the  optical 
network.  Sprint  already  used  a  vari¬ 
ety  of  other  electrical  and  optical 
Tellabs  equipment. 

■  Sentito  Networks  has  received 
an  additional  $14  million  in  funding 

to  continue  developing  its  New  End 
Office  switching  gear  for  service 
providers  that  supports  voice,  data 
and  video  traffic.  The  new  funding 
round  brings  its  total  venture  backing 
to  $25  million.  The  combination 
media-gateway  and  media-controller 
equipment  is  based  on  IP  and  is 
small  enough  to  be  placed  in  remote 
terminals  in  carrier  networks,  and 
support  traditional  voice  and  data 
services  as  well  as  packet  services.  It 
serves  the  same  function  as  local 
phone  switches,  known  as  Class  5 
switches,  and  data  switches. 


■  BY  TIM  GREENE 

SANTA  CLARA  —  Fortinet  is  getting 
ready  to  ship  a  beefed-up  version  of  its 
security  platform  that  would  let  service 
providers  protect  their  networks  and  offer 
security  services  to  customers. 

Called  FortiGate  3600,  the  new  hard¬ 
ware  platform  is  one-third  faster  than  its 
previous  top-shelf  box,  the  FortiGate 
3000,  with  a  potential  firewall  throughput 
of  4G  bit/sec  if  no  other  security  applica¬ 
tions  are  running  at  the  same  time.  The 
top  speed  for  FortiGate  3000  was  3G 
bit/sec.  The  new  gear  comes  with  fire¬ 
wall, VPN,  antivirus,  content  filter¬ 
ing  and  intrusion-detection  soft¬ 
ware  installed. 

Fortinet  says  the  device  can  per¬ 
form  virus  screening  at  more  than 
100M  bit/sec,  but  the  exact  speed 
depends  on  the  mix  of  traffic 
types  on  the  wire.  Some  traffic, 
such  as  HTTP  is  easier  to  screen 
than  others,  such  as  executable  files,  the 
company  says. 

The  equipment  could  be  placed  in  ser¬ 
vice  provider  networks  to  perform  two 
functions. 

First,  it  could  be  placed  at  peering  points 
with  other  provider  networks  to  screen 
traffic  before  it  enters,  reducing  the  threat 
of  intercarrier  infection  by  viruses  and 
worms. 

FortiGate  3600  also  could  be  placed 
between  customer  sites  and  the  provider 
network  to  screen  traffic  to  and  from  cus¬ 
tomers.  The  box  would  be  placed  on  the 
carrier  side  of  a  customer-line  aggregation 
device  such  as  a  DSL  access  multiplexer. 
The  carrier  could  then  charge  a  premium 
for  securing  the  link,  the  company  says. 
Japanese  carrier  KDDI  uses  FortiGate  3000 
to  support  a  managed  antivirus  service, 
Fortinet  says. 

Large  companies  could  use  the  box,  too. 

This  type  of  screening  is  the  most  effi¬ 
cient  way  to  secure  a  network,  says  Eric 
Ogren,  a  senior  analyst  at  The  Yankee 
Group. “You  might  as  well  scan  at  the  net¬ 
work  layer  rather  than  try  to  get  every  PC 
inside  the  network  to  do  it,”  he  says.  Any 
updates  could  be  done  on  a  single  device 
rather  than  each  desktop,  saving  on  oper¬ 
ational  costs,  he  says. 

The  box  includes  a  new  feature  that  lets 
it  accept  updated  intrusion  and  virus  sig¬ 
natures  without  having  to  seek  them  out 


Fast  security 

The  FortiGate  3600  combines 
security  functions  on  a  single 
platform  that  carriers  could 
use  to  support  network-based 
Internet  security  services. 

Functionality:  Firewall,  VPN,  antivirus, 
intrusion  detection,  content  filtering. 

Interfaces:  Gigabit  Ethernet  (6); 

10/100  Ethernet  (1). 

Total  processing  power:  4G  bit/sec. 
Ships:  End  of  March. 


from  Fortinet.  Instead,  new  signatures  are 
pushed  to  the  machines  via  the  Internet. 
Fortinet  says  its  gear  has  a  leg  up  on 


SnowShore, 
team  to  link 

■  BY  TIM  GREENE 

SnowShore  Networks  is  introducing  an 
appliance  for  service  providers  that  pro¬ 
cesses  IP  traffic  so  it  can  cross  between  car¬ 
rier  networks  without  losing  service-quality 
markers  or  being  dropped  altogether. 

Called  the  SnowShore  Al-MF  Media  Fire¬ 
wall,  the  device  is  being  teamed  with  Nex- 
Tone  Communications’  Multiprotocol  Ses¬ 
sion  Controller  (MSC)  software  to  parse 
packets,  analyze  and  alter  them  if  neces¬ 
sary  so  payloads  make  their  way  across 
network  boundaries  intact. 

SnowShore ’s  Al-MF  hardware/software 
media-processing  and  routing  engine  will 
power  this  processor-intensive  session-con- 
trolling  by  the  MSC  software.  The  gear  can 
perform  network  address  translation  so  traf¬ 
fic  whose  private  source  address  is  changed 
to  a  public  one  still  can  find  its  destination 
and  receive  return  traffic.  The  equipment 
also  could  process  traffic  so  it  retains  qual- 


other  security  vendors  because  its  custom 
processor,  FortiASIC,  was  designed  to 
speed  up  deep  inspection  of  each  packet 
and  share  that  information  with  various 
security  applications  on  the  device.  The 
company’s  closest  competitor  is  ServGate, 
although  it  also  competes  indirectly  with 
firewall  and  VPN  vendors,  Ogren  says. 

Some  of  these  firewall/VPN  vendors, 
such  as  NetScreen  Technologies  and 
WatchGuard  Technologies,  are  adding 
security  functions  like  virus  scanning,  and 
as  such  are  becoming  more  direct  com¬ 
petitors,  he  says. 

FortiGate  3600  has  a  standard  hardware 
configuration  consisting  of  six  Gigabit 
Ethernet  ports,  two  copper 
and  four  fiber,  and  one 
10/100  Ethernet  port  that 
could  be  used  for  manage¬ 
ment  or  to  connect  to  a  se¬ 
cure  network  demilitarized 
zone  segment. 

It  costs  about  $30,000  and 
comes  with  free  intrusion-detection  and 
antivirus  updates  from  the  FortiResponse 
network  for  the  first  90  days.  ■ 


NexTone 
IP  nets 

ity-of-service  (QoS)  markers  that  can  be 
understood  on  another  network. 

Traffic  such  as  IP  voice  faces  problems  as 
it  crosses  IP  network  boundaries  because  it 
must  be  treated  with  a  high  priority  or  call 
quality  will  suffer.  So  whatever  QoS  mecha¬ 
nism  one  network  uses  must  be  mapped  to 
the  mechanism  the  next  one  uses. The  ses¬ 
sion  controller  performs  this  work. 

NexTone  software  can  run  on  Sun  Netra 
servers,  but  the  Al-MF  has  the  capacity  to 
support  the  traffic  volume  a  carrier  net¬ 
work  could  throw  at  it. 

The  combination  of  the  Al-MF  with  the 
MSC  costs  $1 10,000.  ■ 

More  online! 

What  is  a  media  server, 
anyway? 

DocFinder:  4645 
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Products.  People. 


Problems  solved 


From  servers  to  service,  Dell  has  the  solution. 


Dell  |  Small  and  Medium  Business 

Your  business  has  unique  needs.  It  deserves  a  unique  solution.  From  PowerEdge  servers  featuring  Intel®  Xeon~ 
processors  to  PowerVault  Storage  and  PowerConnect  Switches,  we  offer  tailored  solutions  to  meet  your  business  needs. 
And  of  course  it’s  Dell,  so  you  know  you're  getting  the  latest  technology.  But  that's  only  half  of  the  story.  Dell  offers 
consulting  services  that  range  from  deployment  and  installation  to  training  and  certification.  All  from  one  source.  And 
everything  is  backed  by  thousands  of  service  and  support  people  at  your  beck  and  call,  on-site,  online  and  on  the  phone. 
Suddenly  your  IT  infrastructure  doesn't  seem  so  daunting.  Let  Dell's  one-of-a-kind  solutions  put  you  on  the  path  to 
one-of-a-kind  success. 


Dell  Rated  #1  in  Intel-Based  Server  Satisfaction 


Corporate  IT 


Technology  Business  Research 
Buying  Behavior  and  Customer  Satisfaction  Study 

Third  Quarter  2002 
-  December  2002 


Call  M  l  7«-8p  Sal  8a  Sp.  CT 

Pricing,  specifications,  availability  and  terms  of  offer  may  change  without  notice  Taxes  and  shipping  charges  extra,  and  vary  and  not  subject  to  discounts.  U  S.  Dell  Small  Business  new  purchases  only  Dell  cannot  be  held  responsible  for  errors  in  typography  or  photography. 

*  This  device  h3s  not  been  approved  by  the  Federal  Communications  Commission  tor  use  in  a  residential  environment  This  device  is  not,  and  may  not  be,  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained 

Seu.,  e  may  be  provided  by  thud  party  Technician  will  be  dispatched  following  phone-based  troubleshooting.  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract  Service  timing  dependent  upon  time  of  day  call  placed  to  Dell  U.S  only  ’for  hard  drives.  6B 
’•taans  1  bii'-on  bytes  accessible  capacity  vanes  with  operating  environment  ^Monthly  payment  based  on  48  month  60  Days  Same-Cash-Quickloan  with  46  payments  at  9  99%  interest  rate  Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your 


Remote  Office  &  File/Print  Sharing  Web  Server  Database 


PowerEdge™  600SC  Server 

Entry-Level  Server  with  Performance  Features 

•  Intel®  Pentium®  4  Processor  at  2.40GHz 

•  128MB  200MHz  ECO  DDR  SDRAM 

•  Upgradeable  to  4GB  of  Memory 

•  36GB5  (10K  RPM|  SCSI  Hard  Drive  (Up  to  146GB5  HD  Avail) 

•  Upgradeable  to  584GB5  of  Internal  Hard  Drive  Storage 

•  Embedded  Intel®  PRO  Gigabit50  NIC 

•  Five  PCI  Expandability  Slots  (4-64/33MHz.  1-32/33MHz) 

•  Embedded  Systems  Mgmt  Devices  for  Error  Detection 

•  1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 

•  1-Yr  Next  Business  Day  On-Site  Service’ 

J\  as  low  as  $18/mo„  (46  prats”) 

E-VALUE  Code:  17265- S20306s 

For  a  complete  server  solution  we  recommend  these  additions: 

•  PowerConnect  2016  16-Port  Ethernet  Switch,  add  $119 

•  PV100T-TR5  Tape  Back-Up,  add  $199 


PowerEdge™  1650  Server 

Highly  Available  1U  Rack-Optimized  Server 

•  Intel®  Pentium®  III  Processor  at  1 ,13GHz 

•  Dual  Processor  Capable 

•  256MB  133MHz  ECC  SDRAM  (Up  to  4GB) 

•  36GBS  (10K  RPM)  SCSI  Hard  Drive  (Up  to  146GB5  HD  Avail) 

•  Upgradeable  to  438GB  of  Internal  Hard  Drive  Storage 

•  Dual-Embedded  Intel®  PRO  Gigabit50  NICs 

•  Two  PCI  Expandability  Slots  (2-64/66MHz) 

•  Hot-Swap  Redundant  Cooling  Fans 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

as  low  as  $35/mo.,  (46  pruts1) 

'P  E-VALUE  Code:  17265-S20312s 

For  a  complete  server  solution  we  recommend  these  additions: 

•  PowerConnect  3024’  Managed  24+2GB  Switch,  add  $599 

•  Custom-Install  Site  Survey,  add  $199 


PowerEdge™  2650  Server 

2U  Scalable  Rack  Server  with  High  Processing  Power 

•  Intel®  Xeon“  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon"  Processor  Capable  (Up  to  2.80GHz) 

•  256MB  200MHz  ECC  DDR  SDRAM  (Up  to  6GB) 

•  36GB5  (10K  RPM)  SCSI  Hard  Drive  (Up  to  146GB5  HD  Avail) 

•  Upgradeable  to  730GB5  of  Internal  Hard  Drive  Storage 

•  Dual-Embedded  Gigabit* *  NICs 

•  Dual-Channel  Integrated  SCSI  Controller 

•  Active  ID  Front  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day,  On-Site  Service’ 

•  Small  Business  Pricing 

as  low  as  $49/mo„  (46  pmts”) 

I  j  E-VALUE  Code:  17265-S20317s 

For  a  complete  server  solution  we  recommend  these  additions: 

•  PowerConnect  3248’  Managed  48 + 2GB  Switch,  add  $999 

•  PowerVault  112T-DDS4  (Dual  Drive  Capable) 

Tape  Back-Up,  add  $1499 


The  answers  you  need.  Easy  as  UP*  'V  HBUBB 


Click  www.dell.com/bizsolutions 


Call  1-800-241-5856 


creditworthiness  If  you  do  not  pay  the  balance  within  60  days  of  the  QuickLoan  Commencement  Date  (which  is  five  days  after  product  ships),  interest  will  accrue  during  those  first  60  days  and  a  documentation  fee  may  apply  OFFER  VARIES  BY 
CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER  Minimum  transaction  size  of  $500  required.  Maximum  aggregate  financed  amount  for  the  paperless  acceptance  QuickLoan  not  to  exceed  $25,000  If  your  order  exceeds  $25K,  a  Dell  Financial 
Services  rep  will  contact  you  to  piocess  your  documentation.  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary  Not  valid  on  past  orders  or  financing.  QuickLoan  arranged  by  CIT  Bank  to  Small  Business  customers  with  approved  credit  '  This  term 
indicates  compliance  with  IEEE  standard  802  3ab  for  Gigabit  Ethernet,  and  does  not  connote  actual  operating  speed  of  IGB/sec.  For  high  speed  transmission,  connection  to  a  Gigabit  Ethernet  server  and  network  infrastructure  is  required  Dell  the  stylized 
E  logo.  E-Value.  PowerEdge.  PowerConnect  and  PowerVault  are  trademarks  of  Dell  Computer  Corporation.  Intel,  Intel  Inside,  Pentium  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other 
countries  ©2003  Dell  Computer  Corporation.  All  rights  reserved 
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Don’t  make  me  come  over  there. 


Remotely  migrate  your  users  to  XP  or  2000  without  making  a  scene. 


That’s  right,  you’re  not  a  bellhop,  or  an  IT  concierge  for  that  matter.  With  the  robust  Client 
Mgmt  Suite  from  Altiris,  you’re  a  behind-the-scenes  architect  that  can  remotely  migrate 
an  entire  enterprise  to  XP  or  2000  in  no  time  at  all.  Altiris  even  gives  you  comprehensive 
lifecycle  management  for  all  your  networked  devices,  from  deployment  to  retirement. 

All  of  which  saves  you  from  end-user  visits  and  mindless  lo-tech  chitchat.  So  download  our 
free  Migration  Assessment  Toolkit  today,  before  you  swear  this  is  the  last  time — again. 


altiris 

intuitive  >  manageability 


Get  a  free  Migration  Assessment  Toolkit  today  at  www.altiris.com/easymigrate92  and  avoid  the  hassle. 


©  2002  Atom  Al  nghts  reserved  All  other  products  mentioned  are  property  of  ther  respecVve  owners. 
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SHAPING  YOUR  NETWORK 


802.3af  powers  up  LAN,  lowers  cost 


HOW  IT  WORKS 


802.3af 

The  proposed  802.3af  standard  for  powering  network 
devices  over  Ethernet  wiring  defines  two  types  of  power 
sourcing  equipment:  end-span  and  mid-span. 


Wireless  LAN  access  point 

JUL 


An  Ethernet  switch  with  a 
power-over-LAN  module 
delivers  data  and  power  to 
network  endpoints. 


Acting  as  a  patch  panel,  a  mid-span 
device  sits  between  an  Ethernet 
switch  and  the  endpoints,  and  adds 
power  on  the  spare  wire  pairs. 
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Endpoint  Ethernet  switch 


Ethernet  switch 
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Eight-wire  Category 
5/6  cabling 
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Data  and  power 


Data  pairs  1/2  and  3/6  deliver 
48  volts  of  power  to  the  device. 


Eight-wire  Category 
5/6  cabling 
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Unused  twisted  pairs  4/5  and  7/8 
^Data  deliver  48  volts  of  power  to  the 
Power  (jevjce  while  uninterrupted  data 
runs  on  the  other  wire  pairs. 


■  BY  AMIR  LEHR 

The  proposed  IEEE  802.3af  standard  for 
supplying  power  over  Ethernet  cabling 
will  ease  deployment  of  IP  telephones 
and  wireless  access  points,  and  reduce 
the  cost  of  powering  the  devices.  Cur¬ 
rently  in  draft  status,  the  standard  is  ex¬ 
pected  to  be  ratified  by  June. 

Traditionally,  IP  phones  have  required 
two  connections:  one  to  the  enterprise 
LAN  and  another  to  the  electrical  AC  net¬ 
work.  Other  network  devices, such  as  wire¬ 
less  LAN  access  points,  laptop  computers 
and  Web  cameras,  also  have  required 
both  types  of  connections.  Given  the 
increasing  number  of  LAN  devices  in  cor¬ 
porations,  wiring  AC  connections  for  each 
of  them  is  a  costly  task. 

Network  managers  typically  install  an 
uninterruptible  power  supply  (UPS)  for 
each  device,  or  create  a  separate  back-up 
AC  network,  but  both  alternatives  can  be 
prohibitively  expensive.  Furthermore, 
many  of  these  devices  must  be  installed 
in  unusual  locations  for  optimal  opera¬ 
tion.  To  achieve  effective  radio  coverage, 
wireless  LAN  access  points  are  mounted 
above  ceiling  panels,  where  it  is  rare  to 
find  an  AC  outlet. 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 


Commonly  known  as  Power  over  Ether¬ 
net,  the  802.3af  specification  eliminates 
the  need  for  additional  outlets  and  the 
labor  cost  incurred  from  contracting  elec¬ 
tricians  to  install  them. 

What’s  more,  the  technology  supports  a 
point-to-multipoint  power  distribution 
architecture,  parallel  to  the  data  network. 
This  lets  managers  use  a  single  UPS  at  the 
network  core  to  back  up  multiple  scat¬ 
tered  devices  on  the  LAN.802.3af  also  pro¬ 
vides  remote  access  and  management  via 
SNMP  Web-based  control. 

802.3af  defines  a  way  to  build  Ethernet 
power-sourcing  equipment  and  powered 
terminals.The  specification  involves  deliv¬ 
ering  48  volts  of  AC  power  over  unshield¬ 
ed  twisted-pair  wiring.  It  works  with  exist¬ 
ing  cable  plant,  including  Category  3,5,5e 
or  6;  horizontal  and  patch  cables;  patch- 
panels;  outlets;  and  connecting  hardware, 
without  requiring  modification. 

The  current  delivered  to  each  node  is  lim¬ 
ited  to  350  milliamps.The  total  amount  of 
continuous  power  that  can  be  delivered  to 
each  node,  taking  into  account  some 
power  loss  over  the  cable  run,  is  12.95 
watts.  IP  phones  and  wireless  LAN  access 
points  typically  consume  3.5  to  10  watts. 

Power  is  carried  on  two  wire  pairs,  to 
comply  with  safety  standards  and  existing 
cable  limitations.  802. 3af  power  sourcing 
equipment  contains  a  detection  mecha¬ 
nism  to  prevent  sending  power  to  non- 
compliant  devices.  Only  terminals  that 
present  an  authenticated  Power  over 
Ethernet  signature  will  receive  power,  pre¬ 
venting  damage  to  other  equipment. 

802.3af  defines  two  types  of  power 
source  equipment:  end-span  and  mid¬ 
span. 

End-span  refers  to  an  Ethernet  switch 


with  embedded  Power  over  Ethernet  tech¬ 
nology.  These  new  switches  deliver  data 
and  power  over  the  same  wiring  pairs  — 
transmission  pairs  1/2  and  3/6. 

Mid-span  devices  resemble  patch  panels 
and  typically  have  between  six  and  24 
channels.They  are  placed  between  legacy 
switches  and  the  powered  devices.  Each 
of  the  mid-span  ports  has  an  RM5  data 
input  and  data/power  RM5  output  con¬ 
nector.  Mid-span  devices  tap  the  unused 
wire  pairs  4/5  and  7/8  to  carry  power, 
while  data  runs  on  the  other  wire  pairs. 

For  new  deployments,  you’d  typically 
buy  an  end-span  Ethernet  switch.  Mid¬ 
spans  make  sense  for  upgrading  a  net¬ 
work  without  replacing  switches  and  for 


low  port  density. 

However,  it’s  probably  wise  to  consider 
deploying  a  new  end-span  switch  be¬ 
cause  it  will  be  attached  to  IP  phones, 
wireless  LAN  access  points  and  other  pop¬ 
ular  powered  terminals  during  its  ex¬ 
pected  life  span. 

With  either  type  of  power-sourcing 
equipment,  you  can  safely  mix  legacy 
Ethernet  devices  and  new  LAN-powered 
terminals. 

Lehr  is  vice  president  of  business  devel¬ 
opment  and  strategic  planning  for 
PowerDsine ,  and  is  a  voting  member  of  the 
IEEE  802.3  standards  committee.  He  can 
be  reached  at  amirl@powerdsine.com. 


Dr.  Internet 


By  Steve  Blass 


We  leased  a  domain  name  that  is  being  routed 
by  our  ISP  to  a  “holding"  page.  We  want  to  call 
up  the  Web  page  from  outside  our  network  and 
access  our  Internet  Information  Server  (IIS) 
and  Web  page.  We  want  to  use  IIS  to  host  the 
Web  page/domain  using  the  dynamic  IP  address 
that  our  ISP  provides  us.  How  can  we  accom¬ 
plish  this? 

The  secret  is  to  use  a  stable  Internet  location  to 


provide  dynamic  DNS  update  services  or  URL 
redirection  services  that  keep  your  domain  host 
names  synchronized  with  the  dynamically  chang¬ 
ing  IP  address  given  by  your  broadband  ISP. 
Searching  the  phrase  “URL  redirection"  will 
uncover  several  services  on  the  Internet,  including 
www.tzo.com  and  www.no-ip.com.  Or  you  can 
build  your  own  with  a  little  scripting.  The  idea  is  to 
use  a  script  or  servlet  on  your  holding  page  to 
redirect  Web  page  requests  to  your  IIS  server.  The 


trick  is  having  the  IIS  server  check  in  with  the 
holding  page  server  every  time  the  IP  address 
changes  in  order  to  update  the  redirection  script. 
The  static  Web  page  space  that  accompanies 
many  broadband  connections  often  is  suitable  for 
hosting  such  a  holding  page. 

Blass  is  a  network  architect  at  Change@ 
Work  in  Houston.  He  can  be  reached  at  dr.inter- 
net@changeatwork.  com. 
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We’ve  always  loved  those  smart- 
alecky  names  that  programmers 
give  to  their  applications.  In  particu¬ 
lar,  we  rejoice  in  the  recursive  names  such 
as  Pine  and  PHP  Pine  used  to  be  one  of  the 
most  widely  used  e-mail  packages  for  Unix 
and  came  after  another  e-mail  program 
called  Elm.  PINE  is  a  recursive  acronym 
that  stands  for  “Pine  Is  Not  Elm”  (yes,  you 
have  to  be  a  geek  to  find  this  stuff  funny). 

PHP  which  incidentally  is  our  topic  for 
this  week,  is  also  a  recursive  acronym  that 
stands  for  “PHP:  Hypertext  Processor’’  Not 
quite  as  clever  as  Pine  but  not  bad. 

The  topic  of  PHP  came  up  when  some  of 
you  wrote  in  after  the  series  of  columns  we 
did  on  Active  Server  Pages  (ASP)  (see 
www.nwfusion.com,  DocFinder:  4639). 
What  you  wrote  was  along  the  lines  of, “We 
couldn’t  care  less  about  ASP  ’cause  PHP 
rules,  so  why  don’t  you  write  about  PHP 
unless  you  want  us  to  come  around  and 
rough  you  up.” So  we  proudly  present  PHP! 
In  a  nutshell,  PHP  is  primarily  a  server- 


Mark 

Gibbs 


The  Zen  of  PHP 


side  scripting  language  (it  also  can  be  used 
client-side)  that  is  used  in  much  the  same 
way  as  ASP  But  PHP  has  been  around 
since  1994,  and  according  to  the  Netcraft 
survey  of  technology  in  use  on  the  Web, 
more  than  6  million  domains  use  PHP 
scripting  and  that  number  is  growing  at 
15%  per  month  (see  www.php.net/ 
usage.php). 

PHP  (www.php.net)  is  a  project  run 
under  the  auspices  of  the  Apache  Software 
Foundation  (www.apache.org)  and  the 
scripting  engine  —  the  PHP  interpreter, 
called  the  Zend  Engine  —  was  developed 
and  is  published  by  Zend  Technologies 
(www.zend.com). 

The  Zend  Engine  is  open  source,  cross¬ 
platform  and  free!  It  runs  on  all  flavors  of 
Unix  and  Linux,  Windows  98,  ME,  2000,  NT 
and  XPAmigaOS,Mac  OS  X,  Novell  NetWare, 
OS/2,  RISC  OS,  SGI  IRIX  6.5.x  and  AS/400. 

So  what  makes  PHP  so  popular?  Well, 
other  than  being  free,  open  source  and 
cross-platform,  we  also  suspect  that  being 
non-Microsoft  attracts  a  lot  of  people.  Even 
so,  the  really  big  advantages  are  that  PHP 
allows  for  elegant  coding  and  offers  great 
performance.  And  PHP  is  also  fairly  easy  to 
learn  for  even  novice  programmers  —  it 
has  syntax  similar  to  that  of  C  or  Perl. 

PHP  is  also  versatile  —  it  supports  HTTP 
sessions,  Java  connectivity  regular  expres¬ 


sions  and  a  full  alphabet  soup  of  protocols, 
including  LDAR  SNMP  IMAP  and,  under 
Windows,  COM.  PHP  also  supports  a  rela¬ 
tively  new,  very  cool  and  definitely  groovy 
XML-based  data  exchange  standard  called 
WDDX,  which  we  will  discuss  in  a  future 
column. 

As  for  Web  server  support,  PHP  supports 
ISAPI  or,  as  an  alternative,  a  direct  module 
interface  called  SAPI,  which  offers  better 
performance  and  is  compatible  with 
Apache,  Microsoft  Internet  Information 
Server,  Netscape  and  iPlanet  servers.  You 
also  can  use  PHP  as  a  CGI  processor,  which 
requires  the  command-line  executable  ver¬ 
sion  of  PHP 

With  PHP  you  are  not  limited  to  out- 
putting  HTML  —  you  also  can  output 
images,  PDF  files,  Flash  movies,  XHTML 
content  and,  obviously  any  XML  content. 
There  are  all  sorts  of  libraries  to  make  these 
formats  easy  to  create. 

If  you  are  committed  to  PHP  program¬ 
ming  you  can  create  client-side  GUI  appli¬ 
cations  using  something  called  the  PHP- 
GTK  (see  http://gtk.php.net),  a  cross-plat- 
form  windowing  library 

Another  major  strength  of  PHP  lies  in  its 
database  support  —  writing  database 
applications  using  PHP  is  simpler  than  in 
many  other  languages.  PHP  supports 
Adabas  D,  Ingres,  Oracle  (0CI7  and  0CI8), 


dBase,  InterBase,  Ovrimos,  Empress,  Front- 
Base,  POstgreSQL,  FilePro  (read-only), 
mSQL,  Solid,  Hyperwave,  Direct  MS-SQL, 
Sybase,  IBM  DB2,  MySQL, Velocis,  Informix, 
ODBC  and  Unix  dbm  (whew!). 

Installing  PHP  is  pretty  easy  —  see 
DocFinder:  4640  for  general  instructions 
and  detailed  instructions  for  specific  oper¬ 
ating  systems. 

Once  installed,  there  are  a  number  of  run 
time  configuration  options  that  are  stored 
in  the  php.ini  file  —  see  DocFinder:  4641. 
The  location  of  this  file  depends  on  the 
operating  system  and  any  specific  options 
compiled  into  the  executable  —  see  Doc- 
Finder:4642. 

So  by  now  you  must  be  wondering  what 
a  Web  page  with  a  PHP  script  looks  like. 
Here’s  the  standard  “Hello  world”  script 
in  PHP: 

<html> 

<head> 

<title>PHP  Test</title> 

</head> 

<body> 

<?php  echo  “<p>Hello  World</p>“;  ?> 
</body> 

</html> 

No  surprises  there,  eh?  Next  week,  we’ll 
delve  deeper. 

Deep  thoughts  to  gearhead@gibbs.com. 


Compendium 

Compiled  by  Adam  Gaffin 


Editor's  Note:  Cool  Tools  is  on  hiatus  for  a 
couple  of  weeks.  In  the  meantime,  Network 
World  Fusion  Executive  Editor  Adam  Gaffin 
offers  up  some  online  sightings: 

But  how  do  you  really  feel? 

Gerry  McGovern,  who  writes  a  newsletter 
about  the  role  of  written  content  on  the 
Internet,  reacts  to  a  recent  Jupitermedia 
report  that  found  widespread  dissatisfac¬ 
tion  with  expensive  CMS.  McGovern  writes: 
“Content  management  software  hasn’t 
worked  because  it  was  badly  designed  and 
massively  overhyped.  Software  companies 
lied  about  their  products,  charging  crimi¬ 
nal  prices  for  crap  software.  It  hasn’t 
worked  because  organizations  didn’t 
understand  content. . . .”  For  details,  go  to 
www.nwfusion.com,  DocFinder  4627. 

Try  before  you  buy 

Finally,  the  last  word  on  open  source  con¬ 
tent  management  systems  (honest!)  Open- 
sourceCMS  is  a  cool  Web  site  that  has  a 
large  number  of  open  source  systems 
installed.  You  can  log  on  for  an  hour  at  a 
time  and  try  out  any  of  them  —  quite 
handy  for  seeing  which  systems  might 
•et  your  needs  without  having  to  down¬ 


load  and  install  them  first.  Try  it  at 
DocFinder:  4635. 

ET,  Plone  home 

Speaking  of  content  management,  Brian 
Sweeting  has  been  looking  for  a  freeware 
CMS.  He  says  Plone  is  the  one:“i  have  been 
thoroughly  impressed  with  its  out-of-the- 
box  capability  usability  and  most  of  all 
extendability’  DocFinder:  4628. 

Canning  spam 

The  IETF’s  Anti-Spam  Research  Group 
has  come  up  with  a  way  to  try  to  stem  the 
spam  tide.  In  a  draft  specification,  the 
group  proposes  a  “designated  senders  pro¬ 
tocol”  for  SMTP  mail  servers  to  use  to 
check  the  validity  of  headers  of  e-mail.  If 
the  headers  are  spoofed  (common  among 
identity-hiding  spam  scum),  the  mail 
would  not  go  through.  Details  at  Doc¬ 
Finder  4629. 

Sir  Tim? 

On  his  Weblog,  Sam  Sethi  wonders  why 
Tim  Berners-Lee,  the  inventor  of  HTTP  and 
the  Web  and  all  that,  has  not  been  knighted 
yet.  He  writes:  “This  Englishman  may  well 
eventually  become  the  greatest  ever  — 


even  replacing  Churchill.”  DocFinder:4630. 

Tenhut!  802.11a  security 

We  recently  profiled  the  802.11a  wire¬ 
less  network  West  Point  is  building 
(DocFinder:  4631).  Naturally, this  being  the 
military  and  all,  they  didn’t  build  it  with¬ 
out  first  looking  at  the  security  ramifica- 
tions.As  part  of  that  process,  the  school’s 
Information  Technology  and  Operations 
Center  prepared  a  detailed  “Survey  of 
802.11a  Wireless  Security’  which  looks  at 
potential  wireless  hack  attacks.  See  more 
at  DocFinder  4632. 

Why  we  won't  get  to  telecom  nirvana 

In  his  SMART  Letter  newsletter,  David 
Isenberg  compares  the  growth  of  the  oil 
industry  in  the  late  1800s  with  the  state  of 
the  carrier  market  today.  And  he  doesn’t 
like  what  he  sees:  “The  telcos  are  no 
Standard  Oil.  The  people  running  them 
are  no  John  D.  Rockefeller.  If  some  future 
John  D.  Rockefeller  got  a  job  at  a  telco, 
he’d  quit  (or  be  fired). There’s  no  room  for 
vision  or  visionaries  in  patrimonial  telco 
culture.”  See  DocFinder:  4634  for  more 
information. 

Virtual  meetings  in  meatspace 

On  his  Weblog,  Kevin  Lynch,  Macro¬ 
media’s  chief  software  architect,  describes 
meetings  at  the  company  these  days  — 
which  often  involve  people  on  two  coasts 
communicating  via  a  variety  of  IP-based 
collaborative  tools:  “One  problem  with  the 
proliferation  of  laptops  is  the  table  micro¬ 
phone  design  . . .  did  not  anticipate  noisy 


fans  and  keyboard  tapping  right  next  to 
them,  so  meetings  are  commonly  punctu¬ 
ated  by  ‘someone  has  their  computer  by  a 
microphone!”’  See  DocFinder:  4636. 

How  do  I  love  thee? 

On  his  Weblog,  Grant  Hutchinson  profess¬ 
es  his  adoration  for  security  patches:  “You 
know  what  I  like  about  security  patches?  I 
like  that  they  always  work  the  first  time  you 
apply  them.  I  like  that  they  always  explain 
in  precise,  human-readable  detail  exactly 
what  will  be  modified  once  they’re  ap¬ 
plied.  I  like  the  fact  that  they  never  have 
any  obscure  software  dependencies  and 
will  automatically  notify  you  if  something 
is  conflicting  or  missing  from  your  system 
before  the  installation  takes  place."  Doc¬ 
Finder:  4643 

RSS  in  government 

RSS  is  an  XML  subset  that’s  gaining  some 
steam  as  a  way  to  redistribute  and  publish 
information  across  organizations  and  the 
Internet.  Ross  Matthews, government  infor¬ 
mation  coordinator  at  the  Utah  State 
Library,  has  set  up  a  Weblog  to  track  and 
discuss  RSS  use  in  government.  See  it  at 
DocFinder:  4637 

Meanwhile,  if  you’ve  got  the  yen  for  RSS, 
you  can  build  your  own  RSS  feed  out  of 
Network  World  Fusion’s  own  search 
engine.  For  more  on  our  Do-It-Yourself  RSS 
Feed,  see  DocFinder:  4638 

Gaffin  can  be  reached  at  agaffin@ 
nww.com.  Read  Compendium  online  at 
DocFinder:  4628. 


SPECIAL  ADVERTISING  SECTION 


Looking  Deeper, 
Staying  Safer 

An  intelligent  infrastructure  provides 

integrated  network  security,  keeping 
your  business  applications  more  secure. 


Integrated  security  offers 
multiple  layers  of  defense 

Cisco  intelligent  switches  and  routers  offer  an  array  of 
embedded  security  features,  enabling  you  to  implement 
the  level  of  security  you  need  today  and  to  safely  deploy 
IP  telephony,  wireless  mobility,  and  other  solutions  in 
the  future.  Integrated  features  include: 

Identity-based  network  services:  Using  the  802.1  x 
authentication  protocol,  the  network  grants  privileges 
based  on  personal  logon  info,  rather  than  the  device 
being  used. 


When  you  run  your  business  applications  over  an  intelligent  network  infrastructure, 
you’re  protecting  much  more  than  data.  You’re  protecting  the  value  of  your  IT 
investments.  You’re  protecting  the  privacy  and  productivity  of  employees,  partners,  and 
customers  alike.  You’re  improving  the  reliability  and  availability  of  your  applications. 
Ultimately,  you’re  protecting  your  company’s  reputation — and  its  bottom  line. 

That’s  why  Cisco  Systems  integrates  security  features  into  every  part  of  the  network, 
starting  with  the  intelligent  switches  and  routers  that  provide  the  foundation  for 
today’s  business  applications.  As  a  result,  you  can  implement  whatever  level  of 
protection  you  need,  wherever  you  need  it,  even  as  you  implement  new  solutions 
and  extend  access  to  new  users. 

An  intelligent  network  infrastructure  looks  deeper  into  streams  of  data  to  identify 
unauthorized  or  malicious  users,  allowing  only  appropriate  users  access  to  the  systems 
and  information  they  need.  And  because  Cisco  switches  and  routers  come  equipped 
with  embedded  firewalls,  intrusion  detection  systems,  user-authentication  services, 
content  filtering,  virtual  private  network  services,  IP  security,  and  other  safeguards, 
you  can  create  multiple  layers  of  defense  without  compromising  performance  or 
complicating  management. 

By  the  same  token,  you’ll  find  an  array  of  security  features  integrated  into  Cisco  PIX® 
Firewalls,  VPN  Concentrators,  IDS  appliances,  IP  phones,  wireless  LAN  equipment, 
content  delivery  appliances,  and  virtually  every  other  network  device  Cisco  builds,  as 
well  as  the  Cisco  IOS®  Software  that  binds  them  all  together. 

Of  course,  there’s  always  a  chance  you  won’t  need  to  take  all  of  these  precautions.  But 
as  the  world  leader  in  creating  secure  networks,  Cisco  believes  you  should  never  have 
to  rely  on  chance  alone. 


Access  control  lists:  Users  are  restricted  to  designated 
areas  of  the  network,  blocking  unauthorized  access 
to  all  other  applications  and  information. 

Encryption:  IPSec  Virtual  Private  Networks  provide 
secure  tunnels  across  public  networks,  establishing 
secure  connections  for  remote  sites  and  mobile  users. 

Virtual  LANs:  Traffic  on  the  LAN  can  be  isolated  based 
on  users  and  applications  or  business  requirements, 
shielding  data  from  prying  eyes. 

Rate  limiting:  Network  managers  can  set  bandwidth 
thresholds,  helping  to  prevent  the  deliberate  or 
accidental  flooding  of  the  network. 

Intrusion  protection:  The  network  continually  scans 
for  signs  of  hackers,  taking  immediate  steps  to  stop 
them  before  damage  is  done. 

Content  filtering:  Users  are  prevented  from  accessing 
objectionable  Web  content,  minimizing  legal  exposure 
and  reducing  unnecessary  WAN  traffic. 

SSL  optimization:  Exploding  volumes  of  SSL  traffic  can 
be  offloaded  from  servers,  cost-effectively  scaling 
application  performance  and  reliability  for  network 
users,  while  simplifying  certificate  management. 


Learn  how  Cisco  routers,  switches,  and  security  appliances  can  help  you  secure 
your  network  and  deliver  a  greater  return  on  your  investments  in  technology. 

www.nwfusion.com/cisco/security 
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EDITORIAL 

John  Dix 

IP  PBX  vendors 
ready  for 
VON  debate 


In  February  we  challenged  some  of  the  largest  IP  PBX 
suppliers  to  come  to  the  Voice  on  the  Net  show  at  the 
end  of  this  month  in  San  Jose  to  discuss  just  what  it  is 
that  makes  their  products  stand  apart. 

After  all,  we  are  at  that  stage  in  the  development  of 
this  market. The  shroud  of  mystery  surrounding  the  tech¬ 
nology  is  gone,  we  know  how  the  products  work,  early 
adopters  are  having  success,  and  now  the  pressure  is  on 
vendors  to  differentiate  wares  that,  on  the  face  of  it,  look 
increasingly  similar. 

All  the  vendors  we  called  on  have  taken  up  the  gaunt- 
let.The  participants  are: 

•  Alcatel:  Jeanne  Bayerl,  director  of  product  marketing, 
Alcatel  eBusiness  Networking  division. 

•  Avaya:  Mack  Leathurby  director,  converged  system 
and  unified  communication  applications/portfolio  prod¬ 
ucts  and  solutions  marketing. 

•  Cisco:  Marthin  DeBeer,vice  president  and  general 
manager,  enterprise  voice  and  video  business  unit. 

•  Mitel:  Christian  Szpilfogel,  director  of  product  line 
management  for  enterprise  platforms. 

•  Nortel:  Tony  Pereira,  director,  enterprise  solutions 
marketing. 

Yours  truly  and  co-host  Mike  Hommer,  manager  of  con¬ 
sulting  for  Miercom,  which  is  a  member  of  the  Network 
World  Global  Test  Alliance,  will  try  to  pin  down  these 
folks  on  the  core  differences  between  their  respective 
products. 

While  that  debate  undoubtedly  will  touch  on  technol¬ 
ogy,  we  will  focus  on  features,  functions  and  capabilities 
—  everything  from  management  tools  to  security 
options,  call  center  support  to  unified  messaging,  station 
alternatives  to  ROI. 

The  goal,  of  course,  is  for  attendees  in  the  room  to  walk 
away  with  a  better  idea  of  where  the  core  IP  PBX  ven¬ 
dors  stand  on  a  range  of  topics,  any  subset  of  which 
would  be  important  to  different  types  of  deployments. 

After  Hommer  and  I  pester  each  vendor,  the  manufac¬ 
turers  will  be  given  the  chance  to  grill  each  other  in  this 
classic  debate  format,  and  then  we’ll  wrap  it  up  by  throw¬ 
ing  it  open  to  questions  from  the  audience. 

These  things  usually  are  lively  and  revealing,  so  if  you’re 
considering  voice  over  IP  try  to  make  it  to  this  Network 
World  Showdown, “IP  PBXs: Telling  the  players  apart,”  from 
5  to  6:30  p.m.  March  31  at  Spring  VON  at  the  San  Jose 
Convention  Center.  (To  register  for  VON,  go  toVON.com.) 

In  the  meantime,  send  along  any  questions  you  would 
like  to  see  the  IP  PBX  vendors  address. 


—  John  Dix 
Editor  in  chief 
Jdix@nww.com 
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Helping  the  hacker 

Your  story  “Next  ‘Slammer’  could  be  worse”  (www. 
nwfusion.com, DocFinder: 4623)  states:”... the  notion 
of  blocking  traffic  automatically  remains  controver¬ 
sial  because  of  worries  about  cutting  off  legitimate 
traffic.”  Blocking  traffic,  whereby  legitimate  traffic  is 
blocked  along  with  illegitimate  traffic,  is  always  the 
wrong  thing  to  do.  By  blocking  traffic  for  a  certain 
port,  we  just  complete  the  hacker’s  work  by  taking 
the  server  off  the  network.  The  proper  solution  to 
these  types  of  attacks  is  to  always  filter  the  bad  traffic 
out  and  let  the  legitimate  traffic  continue  unfettered. 

Hank  Nussbacher 
Consultant 
Riverhead  Networks 
Tel  Aviv 

The  blame  game 

Regarding  Mark  Gibbs’  column  “Laying  blame  when 
things  are  going  wrong”  (DocFinder:  4624):  I  have 
maintained  that  Microsoft’s  customers  are  getting 
exactly  the  quality  of  software  they  deserve. 

I  have  always  held  my  vendors  to  high  standards  of 
quality  When  I  find  a  bug  in  Solaris,  I  call  it  in  to  Sun. 
Sometimes  I  get  a  fix  quickly,  sometimes  it  takes 
longer.  I  generally  get  an  admission  that  “it  shouldn’t 
do  that”  and  that  an  official  bug  will  be  entered  into 
Sun’s  tracking  system. 

The  vast  majority  of  people  using  Windows  prod¬ 
ucts  have  low  expectations  of  their  systems.  They 
don’t  know  any  better.  The  only  computers  they 
have  used  have  been  running  Windows  and  have 
needed  frequent  rebooting  and  reloading.  They 
are  amazed  when  they  find  out  that  I  usually  don’t 
have  to  reboot  my  Unix  systems  more  frequently 
than  every  100  days.  We  need  to  educate  folks  to 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  Editor  In 
Chief,  Network  World,  1 18  Turnpike  Road,  Southbomugh,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 


expect  —  no,  demand  —  better. 

Paul  Kraus 
Systems  architect 
Information  Management  Group 

Albany  N.Y 

I  don’t  think  Mark  Gibbs  is  wrong,  but  I  want  to 
clarify  where  a  good  portion  of  the  blame  lies:  with 
the  bean  counters. 

Every  company  has  them,  the  so-called  financial 
analysts  who  routinely  override  the  decisions  that 
professionals  want  to  make  and  force  them  to 
buy/lease/rent  the  least-expensive  solution  because 
it  is  “good  enough”  and  will  help  the  bottom  line. 
These  are  the  same  folks  who,  when  layoff  times 
come,  press  to  lay  off  the  technical  people  because 
they  make  the  most  money  —  then  decry  the  lack  of 
top-notch  technical  support.  Or  they  ram  depart¬ 
mental  outsourcing  —  pushing  support  out  the  door 
to  some  company  that  gives  a  low-ball  fixed-price 
contract  —  in  the  name  of  saving  money  and  being 
better  able  to  manage  expenses.  So  the  company 
ends  up  with  a  bunch  of  techs  who  have  no  vested 
interest  in  the  company’s  long-term  success. 

Frank  Vaughan 
Chandler,  Ariz. 

Mark  Gibbs  has  left  out  one  of  the  biggest  factors 
in  the  “blame  game”:  Microsoft’s  patches  are  noto¬ 
rious  for  causing  more  damage  than  they’re  de¬ 
signed  to  prevent.  And  this  SQL  patch  was  not  a 
simple  double-clicker.  A  front-page  story  in  the 
same  issue  (“Next  ‘Slammer’  could  be  worse,”  Doc- 
Finder:  4623)  states, “[Many  Microsoft  customers] 
say  the  patch  is  hard  to  do  and  can  easily  take  six 
hours.”  And  you  still  need  to  down  your  server  to 
complete  the  patch.  It’s  no  wonder  users  are  hesi¬ 
tant  to  immediately  apply  every  one  of  the  count¬ 
less  patches  from  Redmond. 

Paul  Ames 
Hauppauge,N.Y 


More  online!  www.nwfiision.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  4621 
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n  the  annals  of  networks,  2003  will  be 
known  as  the  year  of  network  security  With 
the  passage  last  year  of  the  Gramm-Leach- 
Bliley  Act,  the  Health  insurance  Portability 
and  Accountability  Act  and  the  European 
Union’s  Directive  on  Data  Protection,  2003  will  be  the  year  when  com¬ 
panies  will  need  to  view  network  security  from  a  regulatory  and  com¬ 
petitive  standpoint. 

From  a  regulatory  standpoint,  companies  affected  by  the  legislative 
acts  will  be  held  accountable  for  ensuring  that  personal  information  in 
theirsystems  issecure.If  it  is  leaked, stolen  or“sniffed"off  data  networks, 
a  company  can  face  legal  and  financial  consequences.  From  a  com¬ 
petitive  standpoint,  even  companies  not  directly  affected  by  the  regu¬ 
lations  will  need  to  address  network  security  as  consumers  and  busi¬ 
ness  partners  begin  to  demand  protection  of  personal  information. 

Along  with  protecting  against  the  promiscuous  viewing  of  per¬ 
sonal  information,  companies  will  need  to  implement  security  to 
protect  their  systems  from  software-based  attacks  such  as  adaptive 
worms,  viruses, Trojan  horses  and  denial-of-service  attacks. 

Network  security  will  need  to  be  more  than  just  an  access  control  list 
in  a  boundary  router, an  encrypted  password  on  a  file  server  or  a  basic 
configuration  on  a  firewall.To  provide  the  protection  needed  to  ensure 
privacy  of  competitive  strategy  and  compliance  with  federal  regula¬ 
tion,  companies  will  need  to  enlist  external  and  internal  resources. 

External  resources  are  needed  to  perform  a  full  security  audit.  An 


2003  is  the  year  of  network  security 


internal  audit  could  miss  potential  security  holes.The  back-door  net¬ 
work  access  that  the  engineers  use  to  troubleshoot  problems  remote¬ 
ly  might  not  be  viewed  as  a  problem  by  internal  personnel,  but  an 
external  auditing  team  might  view  it  more  objectively. 

External  resources  also  should  be  considered  for  the  implementa¬ 
tion  and  management  of  security  platforms.  It  can  be  costly  to  train 
and  retain  security  engineers.  Unless  you  have  a  large  network 
requiring  dedicated  security  engineers, it  might  be  more  economical 
to  use  a  third-party  vendor  to  implement  and  manage  the  security 
infrastructure. 

However,  as  the  ultimate  responsibility  lies  with  the  company  internal 
resources  are  necessary  to  oversee  the  security  process.  Each  company 
needs  internal  resources  to  identify  business-specific  security  mea¬ 
sures  and  processes  that  are  needed,  define  the  access  and  protection 
that  is  required,  manage  creation  of  the  security  environment,  oversee 
third-party  vendors,  and  ensure  that  any  new  security  requirements  are 
identified  and  implemented. 

The  network  is  the  door  to  a  company  It  can’t  be  open  to  everyone, 
but  to  do  business  the  door  can’t  be  completely  shut.  Network  security 
will  become  essential  as  the  doorman  —  letting  in  customers  who 
have  a  right  to  access  the  network,  keeping  their  identities  and  infor¬ 
mation  as  discreet  as  possible,  and  blocking  the  door  to  all  others. 


The  network  is 
the  door  to  a 
company.  It  can't 
be  open  to  every¬ 
one,  but  to  do 
business  the 
door  can’t  be 
completely  shut. 


Yoke  is  a  business  solutions  engineer  for  a  corporate  network  in 
Denver.  He  can  be  reached  at  ckyoke@yahoo.com. 


ON  SECURITY 


Schwantau 


t  many  firms,  back-up  policies  and  pro¬ 
cedures  are  a  hodgepodge  of  action, 
i  inaction  and  political  infighting.Who’s  in 
charge?  Is  it  the  disaster-recovery  folks,  because  failed  drives  and 
erased  tapes  certainly  could  qualify  as  a  disaster?  Or  is  it  the  business 
continuity  group,  whose  job  it  is  to  make  sure  . . .  well,  business  contin¬ 
ues? The  IT  department  likes  to  control  all  aspects  of  IT  stuff, so  maybe 
it  should  run  the  back-up  process.  But  wait!  What  about  the  information 
security  people,  well  trained  in  backup  and  other  such  nuances  of 
information  protection? 

This  is  a  turf  battle  I’ve  seen  more  times  than  I  care  to  remember.  And 
now,  adding  fuel  to  the  fire  is  another  back-up  procedure:  cryptography 

Who  wants  to  lose  a  laptop  on  a  subway  or  at  the  airport  only  for 
some  competitive  geek  to  gobble  up  sensitive  corporate  data?  Because 
typical  Windows  passwords  are  “fred,”  “sex,”  “mommy”  or  some  other 
simplistic  choice,  getting  to  the  contents  of  the  hard  disk  is  a  minor 
hacking  job  at  best. So  what’s  the  answer? 

Crypto, of  course.  Encrypt  the  contents  of  the  hard  disk  so  prying  eyes 
that  crawl  past  the  minor  barriers  Windows  offers  will  find  only  gigs  of 
gibberish.  Pretty  Good  Privacy,  Data  Encryption  Standard  and  Ad¬ 
vanced  Encryption  Standard  are  just  a  few  of  the  many  choices  for  en¬ 
crypting  mission-critical  files. 

There  is  little  point  in  wasting  CPU  time  on  encrypting  programs  — 
all  that  constant  opening  and  closing  of  program-relevant  files  would 
put  a  4-GHz  Pentium  on  Quaaludes.All  you  really  need  to  encrypt  are 
important  files. 

My  friend  Stan  was  evaluating  how  to  add  security  at  the  desktop  with 
crypto,  add  crypto  to  his  consultant’s  laptops  to  protect  data  from  sub¬ 
way  hackers,  and  crypto-protect  his  servers.  Smart  move,  or  not? 

I  asked  Stan  whether  he  had  ever  had  any  trouble  backing  up  files 
or  servers.  No,  he  replied,  backing  up  is  simple.  Exactly.  The  tough 
part  is  restoring  the  data  to  a  usable  format.  There’s  a  whole 
subindustry  out  there  to  recover  data  that  was  supposedly  backed 
up,  but  people  forgot  to  periodically  test  the  system  and  see  if  it 
worked.  Because  backup  is  so  important,  let’s  work  on  perfecting  it 


Who's  in  charge  of  crypto  backup? 


to  the  best  of  our  ability 

We  all  want  privacy  on  our  laptops  and  desktops.  But  are  you  willing 
to  encrypt  all  the  data  on  your  machine  of  choice,  knowing  that  a  sim¬ 
ple  bit  flip,  glitch,  bug  or  hard-disk  error  could  render  it  unrecoverable? 
At  least  with  data  stored  in  plain  text,  you  stand  a  chance  of  recovery 
after  a  crash. 

Also,  you  have  to  manage  the  keys  separately  from  the  cryptography 
process.  How  many  of  us  always  remember  all  our  passwords,  access 
codes,  PINs,  user  IDs,  and  the  multitude  of  security  do’s  and  don’ts  we 
are  expected  to  know?  That’s  why  we  back  things  up,  right? 

OK.  Let’s  assume  you  have  a  really  reliable  crypto  program  for  your 
desktop  and  the  key  management  problem  is  solved  to  your  satis¬ 
faction.  You  also  have  an  enterprisewide  back-up  procedure  in 
place.  What  is  actually  happening  here?  You  would  be  backing  up 
the  encrypted  data  from  the  desktops  and  servers  onto  some  back¬ 
up  media  that  is  shipped  off-site  for  safekeeping.  What  is  wrong  with 
this  picture? 

You  are  adding  an  additional  fallible  process  (crypto)  onto  an 
already  known-to-be-fallible  process  (backup)  in  the  hopes  of 
adding  security  to  your  networks.The  risk  is  that  you  are  combining 
two  processes  that  should  remain  distinct  from  each  other,  because 
if  either  process  fails  or  adds  error.it  also  destroys  the  efficacy  of  the 
other  process. 

Large  corporations  want  simplicity  and  efficiency  with  minimized 
risk.  Before  attempting  to  encrypt  sensitive  stored  data  that  is  part  of  an 
enterprise  back-up  process,  you  need  to  answer  some  important  ques¬ 
tions.  Which  group  (or  groups)  would  be  responsible  for  crypto?  Are 
additional  fault  tolerance  and  redundancy  needed?  How  often  do  you 
test  the  system? 

And  finally  is  the  risk  of  encrypting  data,  where  an  error  could  make 
it  unrecoverable  for  the  eons,  really  worth  the  benefit?  Just  asking. 


Is  the  risk  of 
encrypting  data, 
where  an  error 
could  make  it 
unrecoverable 
for  the  eons, 
really  worth  the 
benefit? 


Schwartau  is  president  of  Interpact,  a  security  awareness  consulting 
firm,  and  author  of  several  books,  including  the  recent  Pearl  Harbor 
Dot  Com.  He  can  be  reached  at  winns@gte.net. 
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|  M  iscover  how  NEC’s  BlueFire®  enterprise  switching  and  access  solutions  can  energize  your  network, 
bolster  security  and  enrich  the  connectivity  that  keeps  your  business  moving.  BlueFire  solutions  provide 
outstanding  data  networking  value.  They  integrate  seamlessly  into  your  existing  network,  delivering  the 
security,  interoperability,  survivability  and  business  connectivity  your  growing  organization  needs.  What’s 
more,  you  benefit  from  NEC’s  proven  migration  strategy  by  upgrading  your  network  technology  all  at*  once 
or  phasing  it  in— the  choice  is  yours. 


So,  take  advantage  of  NEC’s  worldwide  reputation  for  innovation  in  data  communications,  telephony 
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Technology  Insider: 
Web  services 
We’re  in  the  very  early 
stages  of  Web  services, 
but  already  companies 
are  finding  that  they  can 
automate  important 
business  processes 
using  standards  such  as 
SOAP  and  XML  Not  only 
that,  but  companies  on 
the  cutting  edge  of  Web 
services  deployment 
are  finding  that  they  can 
integrate  data  and 
applications  relatively 
easily.  The  benefits  are 
reduced  costs  and  new 
business  opportunities. 


OAVJD  RANDELL 


Case  study: 

Lydian  Trust: 

This  Florida  financial  ser¬ 
vices  company  built  a  Web 
services  application  that 
has  automated  70%  of  its 
auto  loan  applications.  CTO 
John  Studdard  says  Lydian 
went  from  processing  60 
applications  a  day  to  pro¬ 
cessing  600,  without 
increasing  its  staff. 


Survey  results: 

Nemertes  Research  con¬ 
ducted  a  detailed  Web  ser¬ 
vices  survey  with  45  lead¬ 
ing-edge  companies  and 
found  that  reducing  costs 
and  increasing  customer 
satisfaction  are  the  two  top 
business  goals  of  Web  ser¬ 
vices  today. 


Go  online 

for  additional  information 
on  Web  services,  including 
definitions,  white  papers, 
news  stories  and  research 

reports  at  www.nwfusion. 
com,  Docfinder:  4644. 


Web  services  pioneers  report 
minimal  pain,  plenty  of  gain 


■  BY  JOHN  FONTANA 


National  Student  Clearinghouse  has  built  a 
Web  service  that  streamlines  and  automates 


one  of  its  key  business  processes. 


And  the  good  news,  according  to  NSC  and  other  network  execu¬ 
tives  who  have  launched  Web  services  projects,  is  that  Web  services 
doesn’t  come  with  a  steep  learning  curve  or  crushing  price  tag. 

“One  of  our  biggest  learning  experiences  was  that  we  tried  to 
overunderstand  Web  ser¬ 
vices.  In  other  words,  we  were 
expecting  to  learn  some  new 
crazy  technology  says  Doug 
Falk,  CIO  for  the  NSC  in 
Herndon, Va.,  which  provides 
university  and  college  degree 
and  enrollment  verification 
services. 

“When  you  get  right  down 
to  it,  it  is  nothing  more  than 
another  application.  Sure, you 
have  a  Web  services  standard 
that  provides  message  trans¬ 
port  and  XML,  which  defines 
the  data  format.  But  other 
than  that,  it’s  just  a  normal 
computer  application,"  he 
says. 

Falk,  however,  cautions  that 
the  technology  is  in  an  ini¬ 
tial  adoption  phase  that  con¬ 
sists  primarily  of  data  and 
application  integration  with¬ 
in  a  corporation. The  next 
two  steps  —  supporting 

WALTER  P  CALAHAN 

transactions  and  automating 

business  processes  that  flow  among  companies  —  will  take  addi¬ 
tional  standards  and  more  time  and  money  to  become  reality. 

Today’s  typical  investments  in  Web  services  projects  involve  thou¬ 
sands  of  dollars  and  a  handful  of  developers,  but  that  eventually  will 
morph  into  tens  of  millions  of  dollars  and  dedicated  IT  manpower, 
experts  say 

“Companies  are  not  changing  a  whole  lot  of  the  systems  that 
they  already  have. They  are  developing  new  ways  to  get  at  things,” 
says  JohnaTill  Johnson,  president  and  chief  research  officer  at 
Nemertes  Research  and  a  Network  World  columnist.  But  the  game 
changes  when  companies  bite  hook,  line  and  sinker.“When  you 
put  all  your  applications  into  a  Web  services  model  and  include 
hardware  changes,  building  redundancy,  support  and  documenta¬ 
tion,  the  average  cost  of  a  Web  services  rollout  is  about  $10  mil¬ 
lion,”  she  says. 

But  today,  companies  are  content  to  spend  much  less  money 
and  effort  on  Web  services  because  they  already  are  reaping 
tangible  benefits. 

At  NSC,  an  investment  of  $50,000  and  a  handful  of  developers 
working  for  six  months  produced  two  Web  services.  One  streamlines 


requests  for  degree  and  enrollment  verifications  from  employers, 
insurers,  lenders  and  those  who  needed  information  on  current  or 
former  students.  A  second  automates  NSC’s  retrieval  of  that  informa¬ 
tion  from  nearly  7,000  universities,  colleges  and  professional  schools. 

Under  the  old  system,  NSC,  which  executes  nearly  100  million 
transactions  per  year,  required  its  customers  to  fill  out  forms  on  an 
NSC  Web  site,  which  meant  customers  had  to  rekey  data  already  in 
their  systems. 

Through  a  Java-based  Web  service,  customers  now  can  send 
data  directly  to  NSC  just  by  retrofitting  their  client  software  to  sup¬ 
port  Web  services  standards.The  client  puts  the  data  in  an  XML 
document  that  is  sent  via  HTTP  in  an  “envelope”  based  on  the 
Simple  Object  Access  Protocol  (SOAP)  to  the  NSC  Web  service. 
The  client  locates  the  service  using  a  Web  Services  Description 
Language  (WSDL)  file,  a  pointer  to  an  Internet  address  that 
amounts  to  a  traditional  URL. The  envelope  is  opened,  and  the 
message  is  read  by  a  Java  application,  which  formulates  a  query 

to  an  Informix  database  running  on 
IBM’s  AIX. The  Java  application 
receives  the  response,  translates  it 
back  into  XML  and  sends  it  to  the 
requester  via  the  same  route. 

NSC  also  uses  Apache  Web  servers 
and  the  Apache  Access  SOAP  engine 
to  facilitate  the  transaction,  and  soft¬ 
ware  from  Flamenco  Networks  to 
authenticate  and  secure  the  commu¬ 
nication.  NSC  does  not  use  the 
Universal  Description,  Discovery  and 
Integration  (UDDI)  protocol,  a  sort  of 
Yellow  Pages  of  available  Web  ser¬ 
vices,  because  it  knows  who  its 
clients  are. 

Doug  Falk  “What  we’re  talking  about 

CIO,  National  Student  Clearinghouse  is  a  faster  system  that 

requires  less  human  inter¬ 
vention,  has  fewer  errors  and  is  lower  in  cost,”  says  Mark  Jones, 
vice  president  of  business  development  and  marketing  for  NSC. 
“We  figure  for  each  client  that  adopts  the  Web  service,  we  will  see 
a  33%  increase  in  volume.  So  that  translates  into  $25,000  to 
$50,000  a  month  fairly  quickly” 

So  far,  NSC  has  about  30  customers  willing  to  update  their  own 
internal  applications  and  many  others  exploring  the  possibility  But 
interest  by  member  schools  has  not  been  as  hot.  Most  continue  to 
provide  updates  via  FTP 

But  with  the  ball  rolling,  NSC  sees  other  benefits,  including  poten¬ 
tial  changes  to  its  business  model.“We  have  the  potential  to  partner 
with  someone  like  a  PfeopleSoft  and  build  access  to  our  Web  service 
directly  into  their  software  and  have  them  act  as  a  distribution  chan¬ 
nel. That  has  the  potential  to  greatly  expand  the  number  of  people 
that  have  access  to  our  service,”  Jones  says. “We  are  certainly  looking 
at  how  this  reshapes  our  future.” 

Tracking  elk  in  Colorado 

Others  are  eyeing  the  future  with  Web  services. The  Colorado 
Department  of  Agriculture  (CDA)  in  Denver  is  a  year  into  a  Web  ser- 


ne  of  our  biggest 
learning  experiences 
was  that  we  tried  to 
overunderstand  Web 
services.  We  were 
expecting  to  learn 
some  crazy  new 
technology." 
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s  ices  project  and  is  angling  to  become  an  information 
hub  and  a  model  for  sharing  data. 

The  government  agency  uses  its  Captive  Elk  Facility 
Web  service  to  track  160  domestic  elk  herds  in  the  state. 
'Hie  herds  are  suffering  from  Chronic  Wasting  Disease, 
typified  by  chronic  weight  loss  leading  to  death. 

Under  a  government  mandate  to  collect  and  dissemi¬ 
nate  information  about  the  disease,  CDA  needed  to  cen¬ 
tralize  data  collected  by  three  of  its  divisions  —  Brand 
inspection,  which  inventories  herds;  Colorado  State 
University  Laboratories,  which  tests  elk  samples;  and 
Animal  Industry,  which  examines  test  results  and  recom¬ 
mends  action. 

To  pull  it  all  together,  CDA  spent  10  weeks  and 
$100,000  to  build  its  Web  service,  which  is  based  on 
Microsoft’s  .Net.The  Web  service  provides  access  to  a 
database  where  the  divisions  input  their  data  and  run 
reports. 

“Previously,  the  brand  division  would  collect  hard 
copy  data  on  the  herds  and  put  it  into  their  proprietary 
database,  then  everything  was  shared  via  fax,"  says  John 
Piscano,  CTO  at  CDA. 

The  Web  service  uses  SOAP  and  WSDL  and  includes 
hooks  for  UDDI,  although  that  technology  is  not  used 
currently.  It  has  a  Web  portal  front  end  that  each  divi¬ 
sion  uses  to  access  the  database  through  a  browser. The 
front  end  uses  SOAP  messages  to  trigger  Web  services 
that  make  XML-based  procedure  calls,  such  as  “input 
data”or“run  reports,”  into  a  Microsoft  SQL  database. 

Piscano  says  CDA  could  have  built  the  application  in 
one  of  four  ways,  including  as  a  client/server  application. 
But  Web  services  was  the  only  method  that  worked  over 
the  64K  frame  relay  pipe  that  connects  the  brand  division, 
which  handles  80%  of  the  data,  to  the  main  CDA  office. 

Moreover,  Web  services  mean  CDA  easily  can  integrate 
its  data  with  other  applications,  particularly  those  that 
the  Department  of  Wildlife  runs,  which  tracks  wild  elk 
herds.  Piscano  also  plans  to  use  the  Web  services  model 
this  summer  to  integrate  data  on  West  Nile  Virus  from  a 
handful  of  government  agencies. 

“Government  agencies  have  all  this  iron  sitting  around 
and  apps  that  are  15  years  old,”  Piscano  says.“And  since 
the  days  of  decent  IT  budgets  are  long  past,  let’s  keep 
this  stuff  up  for  a  few  more  years,  throw  on  a  little  differ¬ 
ent  way  we  are  going  to  access  it,  [such  as]  XML,  and 
keep  running.  What  people  need  to  figure  out  is  that 
they  should  consider  Web  services  their  gateway’ 
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Tracking  the  elusive  401  (k) 

Hewitt  Associates  has  figured  that  out. The 
Lincolnshire,  Ill.,  company  has  nearly  250  large  compa¬ 
nies  contracted  to  its  outsourcing  service  for  employee 
benefits  administration, such  as  enrollment  and  mainte¬ 
nance  of  401  (k)  or  health  plans. 

Previously  Hewitt  used  a  Web  interface  and  screen 
scraping  so  users  could  cull  data  from  its  mainframe  sys¬ 
tem.  Now  about  a  dozen  Web  services,  which  took  six  to 
eight  months  to  build,  offer  a  programmatic  way  to  access 
that  data.“XML  documents  give  us  a  more  direct  connec¬ 
tion  and  a  more  flexible  robust  connection  into  that  data,” 
says  Tim  Hilgenberg,  chief  technology  strategist  for  Hewitt. 
“Instead  of  delivering  HTML  over  the  wire,  we  are  now 
delivering  XML  over  the  wire.That’s  the  difference 
between  talking  to  a  Web  page  vs.  a  Web  service.” 

Web  services  and  XML,  he  says,  make  it  easier  for  compa¬ 
nies  to  integrate  benefits  data  into  their  portals  and  for 
third  parties  to  combine  the  data  with  value-added  ser¬ 
vices, such  as  401  (k)  investment  advice.  Hewitt  also  used 
Web  services  to  build  applications  that  it  offers  to  its 
clients,  such  as  aggregating  an  employee’s  benefits  infor¬ 
mation. 

Customers  access  Hewitt’s  Web  service  from  their 

See  Web  services,  page  52 


Web  services  architecture 

Web  services  is  driving  the  deployment  of  an  architecture  in  which  various  functions  reside 
on  different  machines.  This  allows  users  to  modify  each  tier  independently  of  the  others. 


Display  tier 

■I  Includes  user  devices  such  as  PCs,  PDAs,  tablets 

U  and  phones. 

WmB 

Tier 


1 


4 


Presentation  tier 

Captures  server  information  and  formats  for 
input  to  display  devices. 


LjL  Web  tier 

■J  Executes  native  Web  applications  and  extracts 

mm  information  from  non-Web  applications. 


Tier  Application  tier 

3  Executes  native  and  legacy  applications,  and  extracts 

data  from  databases.  In  a  typical  company,  there 
might  be  dozens  to  hundreds  of  app  servers. 


Tier  Data  tier 


Provides  data  to  applications.  Many  organizations 
have  dozens  to  hundreds  of  redundant  (or  partiaSy 
redundant)  databases. 
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Building  a  foundation 

The  concept  of  Web  services  today  is  built  around  four  XML-based 
standards.  Other  standards  under  development  address  such  needs 
as  security,  workflow  and  provisioning. 

XML  (Extensible  Markup  Language) 

A  markup  language  that  provides  data  about  data. 

SOAP  (Simple  Object  Access  Protocol) 

A  message  transport  that  rides  on  HTTP. 

WSDL  (Web  Services  Description  Language) 

A  file  that  describes  the  properties  of  a  Web  service  including 
the  protocols  and  formats  it  uses.  Can  be  stored  in  UDDI 
directory  (see  below). 

UDDI  (Universal  Description,  Discovery  and  Integration) 

A  sort  ofYellow  Pages  listing  of  available  Web  services. 

Emerging  standards 

.  .     : 

Description 

. ....  — — —  - 

WS-Security 

Blueprint  for  integrating  security  systems  such  as  Kerberos 
and  PKI. 

SAML  (Security  Assertion  Markup  Language) 

A  way  to  exchange  authentication  and  authorization 
credentials  between  systems. 

WSCI  (Web  Service  Choreography  Interface); 

BPELWS  (Business  Process  Execution  Language 
forWeb  Services) 

Workflow  specifications. 

XACML  (Extensible  Access  Control  Markup  Language) 

For  expressing  policies  for  access. 
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company  portal  applications,  which  locate  Hewitt’s  Web 
services  using  a  WSDL  file  and  then  send  XML-based 
requests  wrapped  in  a  SOAP  envelope  over  HTTP  to  an 
IBM  WebSphere  Application  Server. 

On  the  server, a  Java  servlet  unwraps  the  envelope  and 
initiates  a  CICS  transaction  to  access  a  mainframe  appli¬ 
cation. The  mainframe  returns  XML-based  data  to 
WebSphere  where  it  is  wrapped  in  SOAP  and  sent  back  to 
the  portal. The  company  does  not  use  UDDI. 

Hilgenberg  says  the  keys  to  Hewitts  success  with  Web 
services  are  that  the  company  already  had  a  robust 
Web  infrastructure  on  which  it  could  piggyback,  and 
that  its  applications  were  service  oriented. 

“To  succeed  with  Web  services  your  application  has  to 
be  built  around  a  set  of  high-level  business  service,  such 
as ‘get  this  data,”’ Hilgenberg  says.“lt  can’t  be  built 
around  some  lower-level  screens  that  say  ‘update  table 
X’  or 'get  field  Y.’” 

Hilgenberg  says  the  next  level  is  guaranteed  transac¬ 
tions  and  business  process  automation. 

“Today,  most  of  the  stuff  we  are  doing  is  SOAP  over 
HTTPand  that  is  not  necessarily  reliable  delivery”  he 
says.“Today,we  only  do  updates  if  there  is  a  user  on  the 
other  end  of  the  wire.  But  when  you  start  to  talk  about 
how  can  I  get  other  systems  to  talk  to  our  benefits 
administration  system,  a  system-to-system  connection, 
you  need  guaranteed  delivery  of  those  transactions.” 

Tracking  the  mobile  cell  phone  user 

Despite  those  limitations, T-Mobile,  headquartered  in 
Bonn,  Germany,  bet  on  Web  services  two  years  ago  as  the 
foundation  for  delivery  of  data  to  mobile  workers  and 
consumers.The  company  has  middleware  built  on  50  to 
60  Web  services  that  integrate  T-Mobile  services  such  as 
identity  personalization  and  billing,  with  mobile  content 
delivery  services  for  consumers,  which  250  partners  pro¬ 
vide.  Also,  the  company  has  spent  $30  million  to  develop 
its  Service  Integration  Platform,  a  middleware  that  uses 
Web  services  to  hook  mobile  workers  into  their  corpo¬ 
rate  applications. 

On  the  consumer  side,  Web  services  help  T-Mobile  inte¬ 
grate  with  content  providers  to  give  users  features  such  as 
single  sign-on  and  itemized  billing.  For  example,  a  content 
provider  incorporates  T-Mobile’s  identity  and  billing  Web 
services  into  its  Web  applications  using  a  SOAP  interface. 
When  a  T-Mobile  user  accesses  a  content  provider  appli¬ 
cation  through  their  phone,  the  application  makes  a 


SOAP  call  to  T-Mobile  to  access  identity  information  on 
the  user. The  application  uses  that  information  to  provide 
personalized  services  and  also  to  link  into  the  billing  Web 
service. Web  services  also  are  used  to  integrate  the  plat¬ 
forms  that  T-Mobile  divisions  in  different  countries  use,  so, 
T-Mobile  can  offer  single  billing,  currency  conversion  and 
taxation  Web  services. 

“There  is  obviously  a  support  drag  on  our  organization 
to  keep  content  providers  integrated  and  tested,”  says 
Mike  Glendinning.a  consultant  at  T-Mobile. “The  fact  that 
Web  services  are  simple  and  technically  neutral  means 
we  actually  have  a  fighting  chance  of  supporting  those 
guys.”  He  says  content  providers  need  only  modify  their 
applications  with  WSDL  and  SOAPwhich  is  a  couple  of 
lines  of  code  that  T-Mobile  generates  using  tools  from 
Systinet. 

On  the  corporate  side, T-Mobile  used  .Net  to  create  its 
Service  Integration  Platform  middleware,  which  takes  in 
XML  data  from  a  corporate  customer’s  application  and 
transcodes  it  for  delivery  to  a  mobile  worker’s  device  or 
laptop  over  any  channel,  including  wireless  and  fixed 
lines.The  service  is  available  in  Germany  with  plans  for 


worldwide  rollout  over  the  next  few  years. 

“We  really  don’t  care  if  the  systems  are  Microsoft,  Unix 
or  mainframes  on  the  corporate  side,  as  long  as  the  out¬ 
put  is  in  XML  and  is  using  SOAP  and  our  extensions  for 
mobility?’ says  Hossein  Mooin,  chief  architect  and  director 
of  technology  for  T-Mobile  international  data  services.  He 
says  Web  services  gives  corporations  the  flexibility  to 
change  their  back-end  systems  and  front-end  clients 
independent  of  one  another. 

“This  was  not  possible  before,”  Mooin  says.  He  says 
T-Mobile  only  needed  to  modify  its  network  architecture 
to  provide  access  points  for  users  because  T-Mobile  re¬ 
uses  the  routing  and  monitoring  of  its  Web  infrastructure. 

“Web  services  do  offer  you  one  thing  that  we  had  great 
difficulty  with  in  the  past  with  things  such  as  [Common 
Object  Request  Broker  Architecture]  or  Object  Request 
Brokers,  and  that  is  having  this  notion  of  components 
that  serve  each  other  as  opposed  to  monolithic  architec¬ 
tures,”  Mooin  says. 

He  says  the  benefit  of  Web  services  clearly  is  simplifi- 
cation:“Sometimes  you  go  in  and  you  recall  how  long  it 
took  you  to  do  things  in  the  old  days. You  say, ‘Wow’”  ■ 


Lydian  revs  up  automobile 
loan  business  with  Web  services 


■  BY  JOHN  FONTANA 

When  John  Studdard  talks  about  auto 
loans  he  says  he  likes  to  think  the  “auto” 
stands  for  .utomated  not  automobile. 


That's  because  Studdard,  CTO  for  Lydian  Trust,  a  finan¬ 
cial  sendees  company  in  Palm  Beach  Gardens,  Fla.,  has 
created  an  automated  car  loan  processing  system  called 
BizCap  that  uses  Web  services  to  turn  an  auto  loan  busi¬ 
ness  losing  hundreds  of  thousands  of  dollars  a  year  into 
one  that’s  making  a  profit. 

A  year  ago,  Lydian  deployed  BizCap  to  pull  auto  loan 


applications  off  the  Web  and  process  them.  BizCap 
includes  a  series  of  Web  services  that  use  XML  to  inte¬ 
grate  data  and  perform  duties  such  as  fraud  and  credit 
checks  needed  to  evaluate  a  loan  applicant. 

BizCap  also  has  Web  services  that  act  as  data  integra¬ 
tion  points  with  partner  systems.There  also  are  Web 

See  Lydian,  page  54 


The  world’s  fastest  workgroup  color  printer  has  arrived. 
The  Xerox  Phaser®  7300.  You’d  better  hang  on. 
There’s  a  new  way  to  look  at  it. 


Now  color  speeds  through  any  office  at  30  ppm. 

The  Xerox  Phaser®  7300  tabloid  color  printer 
heats  all  speed  records  for  workgroup  color 
printing.*  And  at  37  ppm  black  and  white,  it 
eliminates  the  need  for  multiple  printers. 
You  get  consistent  2400-dpi  color  that’s  always 
bright,  sharp  and  brilliant.  The  Phaser  7300 


automatically  selects  the  correct  paper  size 
for  any  job,  up  to  12  x  18.  So  experience  a 
colorful  flurry  of  productivity  with  the 
Phaser  7300.  Or  let  your  office  soar  with  our 
full  line  of  reliable,  award-winning  network 
printers  bv  calling  1-800-362-6567  ext.  1930 
or  visiting  xerox.com/officeprinting/bird1930 


The  document  company 

XEROX. 


•Based  on  rated  print  speed  of  workgroup  printers  in  the  $1,000-5.000  estimated  retail  price  category 
©  2002  XEROX  CORPORATION.  All  rights  reserved.  Xerox.*  The  Document  Company*  Phaser*  and  There's  a  new  way  to  look  at  it"  are  trademarks  of  XEROX  CORPORATION. 


Web  services 


'  V  -Xv 

A 


Running  a  solid 
business  is ... 
about  keeping  the 
rain  off  of  you.” 


John  Studdard 

CTO,  Lydian  Trust 
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services  that  connect  BizCap  with  Lydian’s  manual  work- 
flow  system  for  human  tasks,  such  as  evaluating  special 
cases  or  mailing  paper  documents. 

BizCap  uses  secure  HTTP  to  post  XML-based  docu¬ 
ments  to  specific  URLs  on  its  intranet  that  are  actually 
Web  services.  From  there,  other  systems  pick  up  the  doc¬ 
uments,  process  the  data  and  respond.  In  the  future,  the 
documents  will  be  sent  via  Simple  Object  Access 
Protocol,  which  will  allow  for  more  sophisticated  pro¬ 
grammatic  integration. 

But  for  now  BizCap,  which  took  $250,000,  three  develop¬ 
ers  and  a  business  analyst  six  months  to  develop  and  test, 
is  eclipsing  the  previous  system  that  required  that  a 
human  evaluate  all  applications  during  the  approval 
process. 

Now  only  30%  of  applications  need  human  review, 
which  has  let  Lydian  increase  the  number  of  loan  appli¬ 
cations  processed  per  day  from  60  to  600  without  adding 
any  full-time  employees.  And  with  a  forthcoming  BizCap 
upgrade,  Studdard  expects  that  number  to  hit  2,000  with¬ 
out  adding  staff  or  changing  network  architecture. 

Studdard  also  is  plotting  to  reuse  the  BizCap  model  to 
supercharge  Lydian’s  mortgage  business,  which  gener¬ 
ates  $100  million  per  month  in  loan  origination.  And  he 
is  building  a  set  of  Web  services  called  iCoreServices 
Interfaces  that  will  sit  in  a  directory  and  can  be  called 
on  via  a  URL  to  perform  duties  such  as  user  authentica¬ 
tion  for  any  of  Lydian’s  future  Web-based  applications. 

“Web  services  really  commoditizes  the  services  that  we 
can  offer  without  the  complexity  of  the  infrastructure 
getting  in  the  wajf  Studdard  says.“You  can  kick  out  a 
Web  services  .exe  file,  throw  it  in  a  directory,  point  a  URL 
to  it,  and  something  can  happen  now” 

He  says  Web  services  provide  a  loosely  coupled  archi¬ 
tecture  that  spreads  out  processing  duties  and  increases 
scalability.in  our  c  ise.Web  services  have  really  cleaned 
up  a  lot  of  monolithic  stuff  we  were  building,” he  says. 


Lydian’s  previous  auto  loan  approval 
process,  which  was  a  hodge-podge  of 
automated  SQL  tasks  and  Windows  NT 
service,  made  the  database  a  workhorse 
that  not  only  served  up  data  but  also 
processed  it. The  database  was  susceptible 
to  crippling  volume  spikes,  and  there  were 
often  “train  wrecks,”  in  which  a  failed 
process  would  mean  starting  all  over 
again, Studdard  says. 

“We  had  wrapped  [Component  Object 
Model]  components  into  extended 
stored  procedures,  all  kinds  of  tech¬ 
niques  that  appeared  to  be  crafty  things, 
but  didn’t  scale,”  he  says. 

With  BizCap  and  Web  services,  the  pro¬ 
cessing  load  is  spread  around,  and  the 
database  is  back  to  its  old  job,  serving  up 
data. 

BizCap,  which  was  built  using  Microsoft’s 
.Net  technology  works  on  the  back  end 
after  a  user  completes  an  auto  loan  appli¬ 
cation  at  Lydians  Virtual  Bank.com  Web 
site  or  with  Lending  Tree,  a  partner  inte¬ 
grated  through  a  Web  service  that  directs 
XML-based  applications  to  BizCap. 

When  the  customer  hits  the  “submit”  but¬ 
ton,  loan  application  data  is  sent  as  an 
XML  document  to  a  queue  based  on 
Microsoft  Message  Queue,  which  guaran¬ 
tees  delivery  From  there,  it  is  picked  up  by 
Microsoft  BizTalk  Server,  an  XML  data 
transformation  and  business  process 
workflow  engine  that  runs  on  Windows 
2000  and  is  the  cornerstone  of  BizCap. 
BizTalk  then  becomes  a  virtual  back- 
office  employee,  organizing  and  ensuring  execution  of  a 
series  of  steps  the  application  must  go  through. 

“The  goal  is  to  get  the  application  as  far  down  the 
automated  BizCap  path  before  it  has  to  go  to  a  person,” 
Studdard  says. 

BizCap  assigns  an  account  number  and  enters  data 
into  a  cluster  of  seven  Microsoft  SQL  Server  2000  data¬ 


bases,  which  run  on  dual  processor  Compaq  ProLiant, 
Pentium  4,800-MHz  Xeon  servers  connected  to  an  EMC 
storage  array. 

BizCap  then  starts  a  decision  engine  that  checks  fraud 
and  credit  on  the  applicant. 

BizCap  packages  relevant  data  into  an  XML  document 
and  sends  it  over  the  Internet  via  a  VPN  to  Lydian’s  fraud 
partner,  Equifax,  which  sends  an  XML-based  fraud  score 
back  through  the  Web  service.  Previously,  a  Lydian 
employee  had  to  call  a  toll-free  number,  read  the  infor¬ 
mation  over  the  phone,  pick  up  a  return  fax  and  key  the 
fraud  score  into  the  system. 

Now  BizCap  gets  the  score  directly,  analyzes  it,  and 
declines  the  application  or  moves  it  on  to  the  credit 
check  Web  service,  which  operates  like  the  fraud  service. 
Lydian  s  credit  checks  are  done  through  Digital  Matrix 
Systems,  which  aggregates  data  from  three  credit 
bureaus  into  a  single  XML  document  it  feeds  to  Lydian 
through  a  Web  service  interface. 

If  the  fraud  or  credit  check  produces  exceptions  Biz¬ 
Cap  can’t  understand,  the  application  is  kicked  out  to  a 
person  through  another  Web  services  interface. That 
interface  accepts  XML  documents  and  directs  them  into 
the  appropriate  queue  for  human  evaluation.  Once  the 
exception  is  worked  out,  the  application  can  be  fed 
back  to  the  BizCap  system  through  the  same  Web  ser¬ 
vice  for  further  automated  processing. 

Once  the  application  is  approved  or  declined, 

BizCap  again  sends  it  through  the  Web  services  inter¬ 
face  to  a  queue  where  a  customer  service  representa¬ 
tive  takes  over.  BizCap  also  automatically  triggers  print¬ 
ing  of  a  rejection  or  acceptance  letter  and  other  sup¬ 
porting  documents. 

BizCap  also  has  automated  another  option.  If  the 
loan  is  declined  because  the  applicant’s  credit  score  is 
too  low,  Lydian  can  pass  the  applicant  to  one  of  three 
partners  that  pay  a  referral  fee  for  the  names  of  high- 
risk  applicants. 

Studdard  says  he  thinks  of  Web  services  as  something 
practical,  like  using  an  umbrella  to  keep  the  rain  off, 
rather  than  trying  to  convert  it  into  a  crazy  flying 
machine.“Running  a  solid  business  is  not  about  that.  It’s 
about  keeping  the  rain  off  of  you,”  he  says.  ■ 
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Building  better  networks 
today  and  tomorrow. 

Help  lower  your  organization's  operational  and  IT 
maintenance  costs,  and  improve  productivity 
with  3Com  networking  solutions.  3Com  gives 

you  a  choice  in  voice  and  data  networking 
technologies,  wired  or  wireless,  modular 
or  stackable.  Whatever  your  networking 
environment,  3Com  offers  high  performance, 
practical-to-use,  innovative,  cost-effective 
enterprise  solutions  that  can  be  customized  to 
meet  your  current  and  future  business  needs. 

•  Build  a  distributed  core  network  that  allows 
you  to  incrementally  add  value  to  your 
infrastructure  one  piece  at  a  time  so  you  can 
avoid  getting  locked  into  an  expensive  chassis- 
based  system  that  doesn't  fit  your  current  needs. 

•  Deploy  solid  network  security  that  includes 
hardware  firewalls  for  individual  laptops  and 
desktops,  and  provides  hardcore  solutions  for  the 
rest  of  your  network. 

•  Revolutionize  your  organization's  infrastructure 
with  IP  Telephony  for  maximum  economic  and 
resource  efficiency. 


Needs  to  optimize  the  network  on  a  budget. 
Needs  to  plan  for  the  future.  B 


•  Help  improve  productivity  with  a  wireless 
network  that  encompasses  WLAN  and 
Bluetooth. 


Needs  choices. 


3Com  offers  compelling  networking  solutions  for 
education,  state  and  local  governments, 
and  businesses. 

Visit  www.3com.com/needs3com10 
or  call  1-888-906-3266  ext.  525. 
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■  BY  JOHNA  TILL  JOHNSON 

Nemertes  Research  worked  with  45  companies  to  bench¬ 
mark  how  they’re  deploying  Web  services,  what  benefit 
they’re  achieving,  and  how  they’re  measuring  and  monitoring 
the  performance  of  these  services. 

The  companies  spanned  a  range  of  industries:  financial  ser¬ 
vices,  pharmaceuticals,  healthcare,  retail,  manufacturing,  distri¬ 
bution  and  others. They  also  ran  the  gamut  from  small  (less 
than  $10  million  in  annua!  revenue)  to  large  ($10  billion  and 
greater),  although  most  had  $1  billion  or  more. 

We  uncovered  several  key  trends: 

•  Business  goals  for  Web  services  extend  beyond  reducing 
the  operational  cost  and  improving  productivity  of  IT 
departments.  Companies  want  to  reduce  costs  within  IT  and 
across  the  company  as  a  whole;  improve  customer  satisfac¬ 
tion;  and  increase  revenue  by  increasing  channels  and 
improving  productivity.  Are  they  succeeding?  It’s  too  early  to 
say  definitively,  but  early  indications  are  promising. 
Companies  that  can  measure  results  reported  an  80%  to  90% 
decrease  in  the  cost  of  application  deployment,  with  even 
greater  cost  reductions  anticipated  overall  in  conjunction 
with  other  IT  initiatives  such  as  standardization,  centraliza¬ 
tion  and  consolidation. 

•  Functionally,  the  single  largest  application  for  Web  ser¬ 
vices  is  the  creation  of  internal  or  external  “application  por¬ 
tals.”  This  lets  companies  reduce  support  costs  and  improve 
productivity  by  providing  users  (whether  employees,  partners 
or  customers)  with  a  single  source  for  all  their  applications. 

•  Most  companies  are  in  the  prototype  stage.  Many  have 
been  pleasantly  surprised  by  the  low  cost  and  ease  of  rolling 
out  their  initial  Web  services  frameworks.  However,  they  antic¬ 
ipate  that  the  real  cost  and  challenge  lies  in  “fleshing  out” 
these  frameworks  to  support  production  applications.  For 
example,  a  majority  of  respondents  said  they  have  not  yet 
made  their  Web  services  deployments  redundant. 

•  Web  services  deployments  are  expensive,  but  worth  it. 
While  prototype  deployments  cost  in  the  $50,000  range,  full 
deployment  of  a  Web  services  architecture,  including  hard¬ 
ware,  software,  labor  and  ancillary  costs,  typically  run  on  the 
order  of  $10  million.  Many  organizations  are  undertaking  Web 
services  deployments  in  conjunction  with  other  initiatives,  par¬ 
ticularly  data  center  centralization  and  application  consolida¬ 
tion. The  overall  ROI  of  these  initiatives  is  anticipated  to  be 
extremely  high,  with  Web  services  playing  a  critical  role. 

•  Web  services  is  driving  the  deployment  of  “N-tier”  archi¬ 
tectures,  in  which  data,  legacy  applications,  Web  applica¬ 
tions  and  presentation  services  reside  on  disparate 
machines.  The  tiers  in  an  N-tier  architecture  serve  similar  pur¬ 
poses  to  the  layers  in  the  Open  Systems  Interconnection 
model  by  providing  clearly  defined  interfaces.They  let  users 
enhance  and  modify  each  tier  independently  of  the  others. 

•  Finally,  Web  services  deployments  are  helping  to  acceler¬ 
ate  key  organizational  changes  both  within  IT  organizations 
and  between  IT  organizations  and  companies.  Within  IT 
organizations,  Web  services  generally  are  construed  as  “infra¬ 
structure" —  and  therefore  are  most  often  managed  by  infra¬ 
structure,  rather  than  application-development  groups.  Web 
services  also  are  driving  corporations  toward  viewing  IT  as  a 
strategic  business  unit  rather  than  a  cost  center  or  services 
organization,  highlighting  the  need  for  better  ways  to  quanti¬ 
tatively  measure  the  value  of  IT  investments. 

Johnson  is  president  and  chief  research  officer  at  Nemertes 
Research,  an  independent  technology  research  firm.  She  can 
be  reached  at  johna@nemertes.com. 


Survey  results  are  encouraging 

In  Nemertes’  work  with  45  companies,  most 
are  in  the  early  deployment  phase.  They  report 
that  Web  services  are  being  used  primarily  to 
build  internal  application  portals,  external 
application  portals  and  B2B  extranets.  The  cost 
of  prototypes  is  relatively  small,  but  a  full¬ 
blown  deployment  can  cost  $10  million. 
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Business  goals  of  Web  services 


Introducing  the  network  VPN  that  can  honestly  say. 


applications  from  anywhere  on  your 


r  ou  can  use  your  existing  access  equipment, 
or  we'll  supply  it.  Were  listening  to  business  needs  like  no 


and  answering  with  solutions  from  long 


to  wireless  and  optical  networking.  For  more 


info,  visit  www.bellsouth.com/business/answers 


Sign  up  for  BellSouth®  Managed  Network  VPN  Service 


BellSouth®  Managed  Network  VPN  Service  gives  you 
a  complete  network-based  solution  for  secure  site-to-site 
connectivity,  remote  access  and  Internet  access. 
We  support  the  ways  you  connect  from  DSL  to  OC3  and 
manage  it  all  on  one  integrated  platform.  You'll  get 
greater  overall  performance  with  streamlined 
operations.  Greater  security.  Greater 
flexibility.  Greater  ability  to 
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Next  Level 


Be  part  of  the  one  can't-miss 
event  for  serious  Networking 
and  IT  professionals. 


NETWORLD+INTEROP  LAS  VEGAS  2003 

Networking  is  changing  faster  than  any 


In  Las  Vegas  this  spring  you'll  find  the 
ultimate  networking  experience  and 
real-world  solutions  in  these  key  areas: 


Security 

Wireless 

Storage 

Network  Management 


■  VoIP 

■  Convergence 

■  Web  Services 

■  And  more! 
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The  outsourcing  impact 

Find  out  how  IT  managers  handle  the  employee  aspects  of  outsourcing. 


■  BY  LINDA  LEUNG 

In  October  2000,  Michael  O’Neill  had  just 
put  a  down  payment  on  a  house,  and  he 
and  his  wife  were  excitedly  awaiting  the 
birth  of  their  baby  But  one  day  at  work  as  a 
LAN  administrator  for  one  of  the  country’s 
largest  insurance  firms,  he  and  130  of  his 
colleagues  were  told  the  company’s  LAN 
administrative  and  help  desk  functions 
were  being  handed  over  to  an  outsourcer. 

“When  it  happened  I  was  angry  and  confused.  What-ifs 
ran  through  my  mind,”  O’Neill  says.“I  was  looking  for  secu¬ 
rity  —  1  wanted  a  steady  salary  package.” 

O’Neill  had  been  with  his  employer  for  five  years  and 
thought  he  would  work  there  until  retirement.  But  the 
company,  which  asked  not  to  be  identified,  decided  to 
cut  costs  by  outsourcing  IT  functions  to  Unisys  in  a 
three-year  contract. 

As  part  of  the  deal,  O’Neill  and  30  other  IT  pros  moved 
to  Unisys;  the  others  resigned,  were  laid  off  or  offered 
other  positions.  He  now  works  at  the  same  office  and 
continues  to  manage  the  insurer’s  LAN,  but  his  pay- 
checks  come  from  Unisys,  and  his  title  is  senior  cus¬ 
tomer  service  engineer. 

A  Meta  Group  study  says  nearly  all  North  American  IT 
departments  will  outsource  at  least  one  essential  technol¬ 
ogy  operation  by  2005.  Last  year,  almost  three-quarters  of 
North  American  IT  departments  outsourced  between  10% 
and  50%  of  their  IT  functions,  and  spending  on  outsourc¬ 
ing  is  growing  at  a  20%  annual  rate  worldwide. 

C  y 

Zipped  lips 

Here  are  the  pros  and  cons  of  not  informing 

staff  about  plans  to  consider  outsourcing. 

Pros: 

•  Prevents  attrition  of  key  personnel. 

•  Lets  IT  managers  make  objective  decisions. 

•  Reduces  uncertainty/fear  during  decision  process. 

Cons: 

•  Reduces  trust  of  IT  managers. 

•  Reduces  confidence  among  remaining  employees. 

•  Results  in  disloyalty  and  exodus  of  affected  employees. 

SOURCE:  META  GROUP 
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Of  the  corporations  that  outsource,  60%  of  those  deals 
also  involve  the  acquisition  of  the  user  organization’s  IT 
staffers,  according  to  Meta. 

Network  executives  who  consider  outsourcing  need  to 
give  much  thought  to  the  people  aspect  of  the  deal,  as 
well  as  the  transfer  of  systems,  to  reap  the  promised  bene¬ 
fits.  One  consideration  is  when  to  broach  the  dreaded  ‘O’ 
word  to  your  staff  —  at  the  outset  of  the  due  diligence 
process  with  the  potential  supplier  or  after  the  contract 
has  been  signed? 

O’Neill  and  his  co-workers  were 
angry  because  they  weren’t  told 
about  the  deal  in  advance.  Ru¬ 
mors  had  begun  to  circulate  that 
summer,  and  management  denied 
it.Thirty  to  45  days  later  we  were 
told  it  was  all  a  lie,”  he  says. 

Similarly,  Rick  Tompkins,  director 
of  network  engineering  for  CSC 
Americas,  was  not  told  that  his  for¬ 
mer  employer,  aerospace  and 
defense  group  General  Dynamics, 
was  going  to  outsource  all  of  its  IT 
operations  to  CSC  until  his  com¬ 
pany  was  ready  to  sign  the  deal.  Ultimately,  though,  all  of 
the  1 ,200  affected  IT  staffers  were  offered  jobs  at  CSC. 

Tompkins  says  there  are  benefits  to  managers  holding 
their  cards  close  to  their  vests.“If  people  find  out,  they 
will  want  to  know  everything  —  you  shouldn’t  say  any¬ 
thing  unless  you  have  something  to  tell  them,”  he  says. 
Good  people  might  get  jittery  and  resign,  and  staff  will 
get  upset  over  nothing  if  managers  decide  not  to  out¬ 
source  after  all. 

Steve  Beilis,  vice  president  of  IT  at  medical  and  indus¬ 
trial  gases  supplier  Air  Liquide  America,  forewarned  his 
IT  employees  during  the  company’s  three-month  due 
diligence  process  with  CGI.  In  November  2001,  the  com¬ 
pany  and  its  sister  company,  Air  Liquide  Canada,  out¬ 
sourced  their  day-to-day  IT  operations  to  CGI,  and  86  IT 
staffers  from  both  firms  moved  to  CGI. 

“We  could  have  either  tried  to  keep  it  a  secret  or  have  a 
more  open  process  and  deal  with  the  feelings  people 
would  inevitably  have,”  he  says. “Whatever  decision  we 
would  ultimately  make,  getting  key  IT  people  to  partici¬ 
pate  in  the  due  diligence  process  helped.” 

Many  outsourcing  firms  advise  customers  to  provide  as 
much  information  as  they  can  to  their  staffers  by  posting 
FAQs  and  making  senior  executives  available  to  affected 
employees.  Owen  Snyder,  senior  human  resources  busi¬ 
ness  partner  at  Unisys, says:“People  have  fears  and  they 
don’t  like  change,  and  you’ll  have  to  make  the  changes 
comfortable.They’ll  worry  about  whether  they’ll  retain 
their  jobs,  whether  they’ll  have  to  prove  themselves  to  the 
new  company  and  they  are  concerned  about  their  bene 


fits  —  medical,  pension  and  401  (k).” 

When  he  was  told  about  the  CSC  contract, Tompkins,  a 
13-year  General  Dynamics  veteran,  was  concerned  that 
his  salary  would  be  reduced  to  boost  the  company’s  sav¬ 
ings.  But  his  fears  were  soon  allayed  when  CSC  assured 
him  that  his  benefits  and  salary  would  be  matched. 

At  CGI,  staff’s  length  of  service  at  Air  Liquide  was  credit¬ 
ed  toward  CGI’s  vacation  allowance  for  each  employee. 

It  is  not  unusual  for  affected  employees  to  be  offered 


bonuses  to  help  ease  the  transition.  For  instance,  CGI  pro¬ 
vided  retention  bonuses  to  affected  Air  Liquide  staff  to 
encourage  them  to  stay  through  the  transition  period, 
which  ranged  from  six  to  18  months,  depending  on  the 
project.  And  O’Neill’s  former  employer  offered  employees 
bonuses  to  remain  until  the  start  of  the  transition  period. 

Because  the  nature  of  outsourcing  is  to  reduce  the 
cost  of  managing  IT,  layoffs  might  be  inevitable  if  job 
and  skills  overlap  between  both  organizations. 

Not  all  affected  IT  professionals  at  the  insurance  com¬ 
pany  were  offered  positions  at  Unisys,  and  the  chosen 
weren’t  informed  until  a  few  weeks  before  the  start  of  the 
contracts  would’ve  liked  to  have  known  what  1  was  up 
against  [earlier  on],  I  would  have  put  feelers  out  in  other 
areas.  Some  people  had  all  their  eggs  in 
one  basket,”  O’Neill  says. 

Despite  the  initial  uncertainty  ai 
upheaval,  both  O’Neill  and 
Tompkins  are  happy  about  their 
changes.They  enjoy  more  train¬ 
ing,  the  chance  to  work  with  like- 
minded  people,  and  increased 
opportunity  for  promotion. 

Within  four  years  of  his  transi¬ 
tion, Tompkins  went  from  manag¬ 
ing  General  Dynamics’  12-person 
telecom  team  to  becoming 
director  of  network  engineering 
for  CSC  Americas,  overseeing  its 
300-person  staff.  ■  DocFirder.  4622 
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I  ft Whatever  decision  we  would 
ultimately  make,  getting  key  IT 
people  to  participate  in  the  due 
diligence  process  helped.  9  9 

Steve  Beilis 

Vice  president  of  IT,  Air  Liquide  America 


IVSore  online! 


Find  out  what  employee  issues 
you  need  to  think  about  when 
considering  outsourcing. 
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10/100  BaseT  Ethernet 

IP  for  HTML.  SNMP  & 
Telnet  Management 


RS-232 

Serial  Management 


Link  Port 
(daisy  chains  to) 

Expansion  Module 


Power  Tower  XL 

•  Outlet  Grouping  across 
power  circuits 

•  Input  Current  Monitor 

•  New  HTML  GUI 

•  Power-up  Sequencing 

•  Zero  U  vertical  and  Rack- 
mount  horizontal  models 

•  Add  a  second  Power  Tower 
to  manage  32  power-ports 

.  V-  -  *  ’X 

f  Sentry  Power  Tower. 

Equipment  Cabinet  Solutions. 


Server  Technology,  Inc. 


1040  Sandhill  Drive  Reno,  Nevada  8951 1  USA 
web:  www.servertech.com  toll  free:  1.800.835.1515 


SENSAPHONE® 

IMS-aODD 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 

Alarming 


Internal 

UPS 


Internal  Voice, 
Power  Ethernet  Modem 
Control  Port  &  Pager  Port 
Interface 


8  Rj-45  Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


Microphone 

for  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 
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MORE  REASONS  TO  CALL  MOVINCOOL. 
#1  IN  PORTABLE  SPOT  AIR  CONDITIONING 
FOR  OVER  30  YEARS. 


►  Protects  against  excessive  heat 

►  Prevents  costly  system  failures 

►  Increases  productivity  and  manufacturing  quality 

►  Up  to  60,000  Btu/h  of  cool  air 


►  No  costly  installation 

►  Affordable  rent,  lease  or  purchase  options 

►  The  only  ETL-verified  portable  air  conditioner 
for  performance 


Call  800-264-9573  or  visit  www.movincool.com  to  ask  about  our  affordable  leasing  options! 


MOVINCOOL. 


THE  #1  PORTABLE  SPOT  COOLING  SOLUTION 
02003  DENSO  Sales  California.  Inc  MovinCool,  Spot  Cool  and  Office  Pro  are  registered  trademarks  of  DENSO  Corporation 
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When  things  go  wrong 
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...ensure  the 


availability  of 


your  server 
and  network 
with  Cyclades 


The  AlterPath“ACS  family  of  Advanced  Console  Servers  provides 
IT  professionals  a  universal  gateway  for  server  and  network 
management.  Now  you  can  manage  your  data  center  with  the 
tools  you  need  for  those  unplanned  downtimes  -  anywhere,  anytime. 

Featuring  two  PCMCIA  slots  for  enhanced  functionality,  the 
AlterPath"ACS  supports  many  PC  cards,  including  Ethernet, 
modem  (V.90,  ISDN  and  GSM)  and  wireless  LAN.  The  dual  power 
supply  provides  extra  reliability  to  the  console  server,  ensuring 
availability  during  critical  times. 

The  AlterPath'“ACS  provides  IT  managers  and  system  administrators 
an  alternative  access  path  to  the  data  center,  allowing  higher 
network  uptime. 


Applications: 

Server  and  Network  Management 
Industrial  /  Commercial  Automation 
Ethernet-attached  Serial  Board  Replacement 

Benefits: 

Security  (  ,  IP  Filtering,  RADIUS  ) 

Redundancy  (dual  power  supply) 

Flexibility  to  support  existing  and 
future  interface  types  (PCMCIA  support)  , 

Flexibility  and  rock-solid  stability  (Linux  Inside 

. 

Rack  space  savings  (I  U  form  factor); 
Network  monitoring  (Off-line  data  buffering) 


your  FREE  “Guide  to  Console  Management"  booklet  at  www.cyclades.com/cas.pdf 


**»* 

**** 

"Best  Hardware  for 
Linux'since  1995" 


www.cyclades.com/nw 

sales@cyclades.com 
1.888. CYCLADES 
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Everywhere  with  Linux 


©2003  Cydodes  Corporation.  All  rights  reserved.  All  other  trademarks  and  product  images  are  property  of  their  respective  owners.  Product  information  subject  to  change  without  notice. 


■  Connects  to  standalone  computers  or  any  KVM  switch 

■  High  quality  16-bit  video  at  up  to  1280x1024  resolution 

■  Easy  to  install,  give  it  an  IP  address  and  run  the  Viewer 
program,  no  user  license  required 

■  Encrypted  communication  produces  highly  secure  operation 

■  Scaling  and  scrolling  features  for  maximum  flexibility 

■  Single  mouse  cursor  simplifies  user  interface 

■  See  four  servers  from  one  screen  with  quad  screen  mode 

■  Lifetime  free  flash  upgrades 
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Ethernet  or  dial-up  from  ANYWHERE 
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UltraLink 


UltraLink  sets  a  new  standard  in  remote  management  of  server  room 
environments.  It  saves  you  money  by  allowing  you  to  centralize  your  IT 
resources.  Since  it  does  not  depend  upon  software  loaded  on  your 
computers,  it  deploys  easily  and  works  on  any  operating  system,  such 
as  Windows,  Linux,  Solaris,  Unix,  or  OSX. 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  TX  77099 


The  UltraLink  digitizes  the  remote  computer's  video.  It  then  scales, 
compresses,  encrypts,  and  packetizes  it  into  the  TCP/IP  protocol.  At 
your  PC  the  free  Viewer  application  receives  and  displays  the  video  and 
sends  back  keyboard  and  mouse  data.  This  process  allow  you  to  access 
remote  computers  from  anywhere. 

Rose  is  a  leading  manufacturer  of  switching,  extension,  and  access 
products.  As  a  KVM  industry  pioneer,  Rose  is  known  for  its  technically 
superior  and  price  competitive  products. 

Join  the  ranks  of  many  successful  companies  using  UltraLink,  call  Rose 
to  learn  more  about  KVM  Access  over  IP  as  well  as  KVM  Switches  and 
Extenders. 


USA  toll  free  800  333  9343 
ROSE  US  281  933  7673 
ROSE  Europe  +44(0)  1264  850574 
ROSE  Asia  +617  3427  5353 

WWW.ROSE.COM 
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ELECTRONICS 


Medical 

monitoring 


Modems 


Cash 
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Reciept 

printers 


Card 
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Hospitality  ? 


Healthcare 


rocns-Gontrol 


Connect  with  ease! 

RS-232,  RS-422  &  RS-485  serial  connectivity  for  a  wide  variety  of  applications 


i 
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ESP  Family  of  Serial  Hubs 

Connect  serial  ports  at  the  point  of  need  and 
eliminate  cabling  nightmares.  ESP  Multi- Interface 
models  support  RS-232,  RS-422  and  RS-485 
serial  protocols  for  a  wide  range  of  applications. 


NEW!  ESP-2  Ml 


ESP-2  Ml  Serial  Hub 

The  ESP-2  Ml  is  a  compact  Multi-Interface,  2-port 
serial  hub  that  provides  versatile  RS-232,  RS-422 
and  RS-485  support  for  industrial/manufacturing 
and  commercial  applications. 


Call  today  for  a  FREE  30-day  product  evaluation:  1-800-275-3500,  Ext.  615  or  954-746-9000,  Ext.  615 
Email:  sales@equinox.com  -  intlsales@equinox.com.  For  more  information  visit  www.equinox.com 


EQUINOX 

an  Avocent  Company 


Reach 
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•  Unparalleled  Price  -  offering  the  lowest  cost/MB  available  today 

•  Unmatched  Capacity  -  up  to  8  TB 

•  Performance  -  reach  up  to  240  MB/sec.  sustained  throughput 

•  Connectivity  -  Fibre  Channel  and  SCSI  interfaces  for  increased  flexibility 

•  Interoperability  -  certified  with  all  leading  hardware  and  software  vendors 

•  Ease  of  Integration  -  plug  &  play  with  auto-configuration  gets  you  up  and 
running  quickly 


710.691.1939 

attotech.com/nwwd 


Power  Behind  the  Storage 

RAID  storage  arrays  •  Fibre  Channel  bridges  •  IP  bridges 
•  SCSI  and  Fibre  Channel  host  adapters 
Fibre  Channel  hubs  •  SAI\I  connectivity  software 


ATTO  Technology,  Inc. 
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The  Hub  of  the  Hetwork  Buy 


Experience  Counts.  Since  1 994  GTA 
has  been  building  solid,  dependable 
firewall  systems.  For  the  past  8  years 
our  line  of  firewall  products  have  met 
the  demands  of  small  to  medium 
sized  businesses  worldwide.  To  learn 
more  about  our  family  of  firewalls  visit 
our  website  or  contact  a  GTA  channel 
partner. 
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Prop  up  a  pillow  and  join  the  remote  revolution  today! 


[  >ownlo*d  www.netsupport-irvc.com 
or  call  toll  free  at  1 .883.665.0808. 


Ne^fSupp^yt 


NetSupport  Manager  new  version  8.0  remote  control  software  securely  connects  you  with 
your  coworkers  to  support  their  systems  anywhere  over  a  LAN,  WAN  and  the  Internet. 

NetSupport  Manager  provides  fast,  secure  remote  PC  access,  enhanced  hardware  and 
software  inventory,  a  new  Internet  gateway,  system  status  reporting,  desktop  integration, 
Mac  &  Linux  support,  automated  scripting,  file  transfer,  remote  deployment  and  much  more. 


N&TSUPPORT  MANAGfcR 

New  Version  8.0! 


Remote  Control 


Enhanced  Inventory 
Internet  Gateway 
System  Status  Reporting 
Mac  &  Linux  Support 
Desktop  Integration 
Show  to  Many 
View  Multiple  Screens 
File  Distribution 
Chat,  Help  and  Message 
Profiled  Security 
Remote  Deployment 
Automated  Scripting 


New!  APC  solves  top  4  rack  problems. 


TOP  FOUR  RACK-BASED  PROBLEMS 


PROBLEM  I  SOLUTION 


1 

Cabling 

Nightmares 

Additional  enclosure  depth  for  better 
cable  management  and  power  distribution 

2 

Hot  Spots 

Optimal  cooling  distribution  and  heat 
exhaust  for  rack  environments 

3 

Blown  Circuit 
Breakers 

Monitoring  of  power  and  environment  at 
rack  helps  avoid  downtime 

4 

Brand 

Incompatibility 

Vendor-neutral  mounting  backed  up  by 
"Fits  like  a  Glove"*  money-back  guarantee 

Benefit  today  from  optimal  cable  management, 
effective  cooling,  and  remote  power  distribution. 
The  NetShelter®  VX  rack  enclosure  supports  your 
entire  data  environment,  including  servers,  net¬ 
working  and  communications,  and  storage  devices. 


With  a  full  range  of  compatible  APC  components, 
you  can  customize  a  solution  to  fit  current  avail¬ 
ability  needs,  and  build  upon  this  foundation  as 
future  requirements  change.  Why  wait?  To  find  out 
more  today,  visit  us  online  at  www.apc.com. 


NetShelter®  VX  Enclosures  rx- certified i 

Next  generation,  high-quality  enclosures 

•  Fully  ventilated  front  and  rear  doors  with  enhanced  ventilation  pattern  maximize  airflow 

•  Overhead,  base  and  side  cable  access  provides  easy,  integrated  cable  management 

•  Rear  Cabling  Channel  (42"deep  versions  only)  allows  for  easy  installation, 
access  and  serviceability  of  both  data  cables  and  power  distribution 

•  Available  in  multiple  configurations:  35.5"  deep,  42"  deep,  beige  or  black 


NetSheltfir®  Open  Frame  Racks  (x -certified)  14 -postoniyl 

Economical  solutions  for  wiring  closets  and  networking  applications 

•  Designed  to  accommodate  networking  devices  such  as  hubs,  routers  and  switches 

•  Industry  standard  7'  high  design  provides  45U  of  equipment  mounting  space 

•  Self-squaring  design  allows  one-person  assembly 

•  Made  of  high-strength  6061 -T6  structural-grade  aluminum 

Air  Distribution  Unit  (ADU)  (x -certified) 


2U  rack-mounted  fan  unit  distributes  cool  air  to  rack  enclosure  equipment. 

.  For  racks  up  to  3kW  of  power  consumption  on  raised  floors 
.  Adds  30%  efficiency  air  filtration  to  supply  air  for  equipment  intake 
.  Delivers  equalized  airflow  from  the  bottom  to  the  top  of  the  rack  enclosure  with  dual  fans 
.  Adjustable  depth  to  fit  most  leading  enclosures 


Air  Removal  Unit  (ARU)  (X-CERTIF1ED) 

Heat  removal  for  enclosures  in  IT  rooms  and  data  center  hot  spots 

.  Enables  up  to  7.5kW  of  power  consumption  in  a  rack,  without  taking  up  U  space 
.  Automatic  fan  speed  adjustment  leads  to  greater  energy  efficiency 
•  Dual-power  input  cords  allow  the  unit  to  attach  to  redundant  power  sources 
.  Ducting  kit  to  drop  ceiling  plenum  allows  higher  temperature  from  equipment  exhaust 
to  be  delivered  directly  to  A/C  return  stream 


Power  Distribution  Units  ix -certified) 

Distribute,  monitor,  and  remotely  control  power  in  rack  enclosures 

•  Basic:  Vertically  and  horizontally  mounting  with  a  range  of  amps  f 
and  voltages 


Metered:  Ability  to  monitor  the  current  draw  and  set  alarm  thresh¬ 
olds  that  when  exceeded,  provide  both  visual  and  audible  alarms 


•  MasterSwitch®:  Advanced,  remote  power  distribution  and 
control.  User  configurable.  Users  can  configure  the  sequence  in 
which  power  is  provided  to  individual  receptacles  upon  start  up 


compliant  equipment  fit  inside. 


Environmental  Monitoring  Unit  ix-CEfliifiEni 

Monitors  environmental  conditions  in  racks  and  rooms 


•  Sensors  continuously  monitor  the  temperature  and  humidity  of  environment 

•  Four  user-definable  external  inputs  allow  use  with  sensors  for  fire, 
water,  smoke,  unauthorized  entry  and  physical  security 


•  Communicates  information  in  a  variety  of  formats  to  ensure  that  your  application  is  supported 


LCD  Monitors  (x  nFRTiFiFm 

Rack-mount  LCD  monitors  save  space  in  IT  environments 

*  Provides  optimal  functionality  while  utilizing  only  1 U  (1 .75")  of  rack  space 


s  —  .■  FREE  APC  Rack  Power  Distribution 

Unit  for  the  first  100  entrants! 

Get  yours  today!  Visit  http://promo.apc.com  Key  Code  j593y  •  Call  888-289-APCC  x6522  •  Fax  401-788-2797 
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Legendary  Reliability"' 
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emote  Console  Management  Solutions 


Access  Serial  Console  Ports...  from  Anywhere! 


OUT-OF-BAND  +  TELNET 


OUT-OF-BAND  +  MODEM 


OUT-OF-BAND 


CMS  _ _ 

■  Multi-Session  Telnet 

■  8, 16  or  32  Port  Models 

■  Non-Connect  Port  Buffering 

■  AC  and  -48VDC  Power  Options 


APS-8M 

■  Internal  33.6  Kbps  Modem 

■  Seven  DB-9  Serial  Ports 

■  Any-to-Any  Port  Switching 

■  Co-Location  Password  Features 


APS 

■  4,  8  or  16  Port  Models 

■  Port  Specific  Passwords 

■  Safe  “Break”  Features 

■  Datarate/Flow  Control  Conversion 


WTI's  family  of  remote  site  management  products  allows  network  administrators  to  manage  network  elements  located  anywhere.  WTI  designs  and  manufactures  in- 
band  and  out-of-band  console  and  terminal  switches,  remote  reboot  and  power  management  solutions,  rack  mounted  modems  and  automated  A/B  Fallback  Switches. 
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www.wti.com 


Features  included  in  all  Console  Switches 


(800)  854-7226 
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Keeping  the  Net.. .Working! 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


OBSERVE 


EXPERT 

OBSERVER 


OBSERVER 

SUITE 


Quickly  Pinpoint,  Pre-solve  & 
Prevent  Network  Problems 


I 


Observer 

*995 


Observer 


Observer 
Suite 
* 3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 


NETWORK 

INSTRUMENTS 
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FREE  NetworkWbrid 

REPRINTS! 
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Order  reprints 

of  your  editorial  coverage  for 

NETWORLD+INTEROP 


and  well  increase  the  quantity  of 
your  order  by  10%  for  FREE. 


RMS 

REPRINT 

MANAGEMENT 

SERVICES 


Place  your  Network  World  reprint  order  by  April  10th,  2003 
and  we'll  increase  the  quantity  of  your  order  by  10%  for  FREE. 


For  additional  information,  to  obtain  a  quote, 
or  to  place  an  order,  contact: 


800-290-5460  ext.  129 


We  guarantee  delivery  by  April  22, 2003. 


mshober@reprintbuyer.com 

www.reprintbuyer.com 


dtSearch 


Instantly  Search 


dtSearch 


dtSearch 


'Industrial-strength.. 
SUperb"-PC  Magazine 


♦  Search  across  networks,  intranets,  and  web  sites 


♦  Publish  large  document  collections  to  web  or  CD/DVD 


dtSearch 


'Industrial-strength.. 
Sliperb"-PC  Magazine 


Superb ...  a  multitude 
of  high-end  features" 
PC  Magazine 


Intuitive  and  austere 
a  superb  search  tool" 
PC  World 


dtSearch 


A  powerful  text  mining 
engine ...  effective 
because  of  the  level  of 
intelligence  it  displays" 
PC  A! 


Very  powerful ...  a 
staggering  number  of 
ways  to  search" 
Windows  Magazine 


'Industrial-strength.. 
SUperb"-PC  Magazine 


Tremendously  powerful 
and  capable" 

Visual  Developer 


dtSearch 


Searches  at  blazing  speeds 
Computer  Reseller  News 
Test  Center 


'Industrial-strength.. 
SUperb"-PC  Magazine 


Enterprise  features  ^ 

♦  over  two  dozen  indexed,  unindexed,  fielded  and  full-text  search  options  ^ 

♦highlights  hits  in  HTML  and  PDF  while  displaying  embedded  links, 
formatting  andflnMir33 

♦  converts  other  file  types— word  processor,  database,  spreadsheet, 
email,  ZIP,  XML,  Unicode,  etc— to  HTML  for  display  with  highlighted  hits 

♦  developer  products  have  easy  wizard-basd  setup;  optional  API 


'dtSearch 


Industrial-strength... 
superb" -K  Magazine 


'Industrial-strength.. 
superb"-!*  Magazine 


5eewww.dtsearch.com  for: 

♦  developer  case  studies 


1-800-IT-FINDS 

sales@dtsearch.com 


♦  free  30-day  evaluations 


'included 


COOLIT  2000  Series 
Plug  and  cool  -115  V. 


Portable  -  Compact  -  Self-Contained 


FREE  Cooling  Analysis  Guide  ONLINE 


www.CoolestSpot.com 


Avoid  Downtime. 

Plan  ahead  and  protect  your  IT  operations 
from  heat  crippling  downtime 


Thousands  of  COOLITs  are 
currently  cooling  data/LAN 
rooms  around  the  clock 


AirPac 


World  Data  Products  introduces  its  new  Cisco 
Router  and  Switch  poster.  It  provides  at-a-glance 
information  on  model  capacities,  interface  cards 
and  available  features. 

The  Cisco  Poster  is  a 
valuable  tool  for 
network  planning. 

Call  877.231.2451  or 
visitwww.wdpi.com 
to  request  your 
FREE  Cisco  Router 
and  Switch  poster. 


-  —  - 

>11  | 
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# - 

Buy  •  Sell  •  Lease  •  Repair  •  New  •  Refurbished  •  Used 

www.wdpi.com  •  877.231.2451  •  cisco@wdpi.com 

121  Cheshire  Lane,  Minnetonka,  MN  55305  U.S.A. 
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CYBERG==ARD 

"yy  «■  WORLDWIDE 

DEPEND  YOUR  DOMAIN 

^  •  -'v. 

;  v  1 1  RE  WA LL/VPN  CSSSS 

,a  nm  I  A  EAL4+ 

a |  |  1-lANC.t  S  CERTIFIED 

«  jMjrbite  'pape:  s  on  Rock  Solid  Security  go  to 
VJKfceittierguardcorn/rooksotidmw  cfm 

'  ■  ‘h-fir-'  -  fi’  vSeyb^rguard  com  A  ■ 


THOMAS  MATZEN 

Vice  President, 

Head  of  Network  Security 
Commerzbank  AG 

With  assets  of  more  than  $420 
billion,  Commerzbank,  based  in 
Frankfurt,  Germany,  is  one  of 
Europe's  leading  banks. 

“Information  technology  is  a  key 
factor  in  the  financial  business  and 
our  data  is  one  of  the  most  valuable 
assets  we  have. 

“We  first  chose  CyberGuard  in 
1997,  not  only  because  they  are  the 
first  vendor  in  the  world  to  achieve 
EAL4  certification  for  their  firewall 
appliances,  but  also  because  we 
wanted  a  highly  secure  product 
which  offers  us  a  multilevel  secure 
operating  system,  proxy  abilities 
and,  of  course,  high  availability. 

“Today,  CyberGuard  products 
protect  all  external  connections, 
including  the  Internet  as  well  as 
connections  with  vendors  such  as 
Reuters  and  other  third  party  net¬ 
works.  This  infrastructure  is  being 
used  by  some  35,000  users  world¬ 
wide,  serving  800  German  locations 
and  over  20  international  locations 
across  four  continents." 


CyberGuard's  security  solutions  are 
found  in  Global  2000  companies  and 
governments  worldwide.  CyberGuard's 
award-winning,  premium  firewallA/PN 
appliances  maintain  complete 
separation  of  network  traffic  from 
system  components. 


Contact  these  companies  today  to  help  you  with  your  training  needs! 


Mcasurcllp 

(678)  356-5000 
|  www.measureup.com 
Certification  Practice 
I  Tests 


[  Transcender 

(615)  726-8779 
I  www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


Learnkey  Inc.  ^ 

(800)  865-0165 
www.learnkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 


_ 


CBT  Nuggets,  Inc. 

(541)  284-5522 
|  www.cbtnuggets.com 
IT  Certification  Videos 
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Q  NetworkWorU 


NetSmart  Learning  Partner 


ADAPT 


“Your  Spot  Cooling  Specialists  ” 


800-243-COOL 


The  Hub  of  the  Hetwork  Buy 


We  bu|(!Xn,*and  least  * 

new  and  refurbished  networking  equipment, 
with  the  best  value  and  service  anywhere. 


Make  the  Smart  Choice, 
^  Treat  the  Experts  - 

^Continental 

Computers—™ 


ORDER 


now:  310-416-1200 

or  visit 

www.ContiComp.com 


We  Specialize  In... 


Cisco  Systems 


Authorized 

Reseller 


These  logos  are  a  trademark  at  thee  respective  companies  and  services. 


renewed 


Tel:  408.727.1122 
Fax:  408.727.8002 

34-3  1  DE  LA  CRUZ  BLVD. 
WWW.RECURRENT.CDM 


S3  eClU^R^t 

technologies,  inc. 
SANTA  CLARA,  CA  95D54 
INFD@RECURRENT.CDM 


We  Buy  &  Sell 

USED 

CISCO 

juniper 

Extreme 

800.451.3407 


JcdmponentsH 

*  ■  NETWORK  HARDWARE 


IX  Hardware  for  Less 


NeiOverstock 

Open  Box 
Pre-Owned 
Discontinued 


Since  1985 

50-907=  Savings 
Fully  Guaranteed 
Overnight  Delivery 

networkhardware.com 


WE  BUY  USED  CISCO 
8  SURPLUS  EQUIPMENT 

MBE  Certified  -Woman  Owned 

11904  South  La  Cienega  Blvd,  Hawthorne,  CA  90250 
Tel  310  643.6021  •  Fax  310  643.6041  •  www.jecom.com 


Call  1-888-746-6700  www.securematics.com 


CISCO  NORTEL 

NEW  •  REFURB  /  BUY  •  SELL 


Truckload 

Sale 

Bay  Networks  _ 
Fax  Equipment  List  To  801-377-0078 


NGRTEL 


caaerRon 

_ s>5rems 


888-8LANWAN  WZ& 

Call  (or  Free  Quote!  (888-852-6926)  www.nle.com 


Systems/! 


s/Memory 


EOUIBMENT 

Also  Available:  Welifleet,  Bay,  Fore, 
Xylogics,  Livingston,  &  Ascend 

In  Stock  •  Fast  Delivery  •  No  Expedite  Charges 


COMSTAR,  INC. 

The  #1  Network  Remarketer 

952*835*5502 

Pax  952*835*1927  E-Mall:sales@comstarinc.com 


ENTERPRISE 

Managed  SSL 


1 28  bit  -  Fully  Vetted 
99%  Browser  Coverage 

Central  Management  Real-Time  Deployment 

$49 

Enterprise  Discounts 
Enterprise  Sales  Group 
401-293-0119 

C  •  O  •  ME  •  O  *  E)  •  O 

www.comodogroup.com 


COMPLETE 

Catse  Kit 

EACH  KIT  INCLUDES: 

i-ioooft  Box  of  Catse  Cable 
ioo-RJ-4S  Connectors 
i-Crimper  Tool 


•  In  Stock  &  Ready  to  Ship 

•  No  Freight  Upcharges 

•  No  Handling  Fees 

•  7  Year  Warranty 

•  $i oo  minimum  order 

760-639-4500  www.evertek.com 


Advertise  in  the 
Marketplace  and  watch 
come 
ini 


Call  Direct  Response  Advertising 
1-800-622-1108 


the  week 


Overnight  Deliver  y 
90-day  Guarantee 
40%-90%  eff  List  Price 
Free  Tech  Support 


Qvtrmff)!  jVi 


f  SERVER  ROOM 

Temperature 

Sensors 
mwrpjwamm  * 129 ■- 


Multiple  Models  Including: 


THL-100 

(Battery  powered) 

THL-100  AC/DC 

(Continuous  monitoring) 

THL-100  AC/DC  Plus 

(Email  alarms) 


►  Records  Temperature,  Humidity  &  Light 

►  Time  Stamped  Data  for  Detailed  Analysis 

►  Windows-based  SmartSensor  Software 
•  Data  or  graphical  view 

•Easily  exports  to  common  spreadsheet 
software 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


WRC4.NET 

NEW  '  USED 


AUTHORIZED  RESELLER 
Access/Routers/Switches 

Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 
IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racai  Telebit  Zoom 

WE  BUY  AND  SELL 
www.wrca.net 

800-699-9722 


OptimumDatalnc. 

www.optimumdata.com 


toll  free  800  879  8795 
ph:  +  1  402  575  3000 
fax:  +  1  402  575  20 1 1 


We  Ruy  &  S 
Used  Cisc 


1 20  Day  V^arxcfnty 

Cisco  •  Paradyne  •  ADTRAN  *  Sun  •  Extreme  Networks 


iruMi 


See  the  entire  Generation 
3.0  collection  at: 


BRETTS 


Luggage.  Leather  goods.  Gifts 
Pens.  Clocks. 
Lighters.  Games 

www.suitcase.com 


Software  Engineers  & 
Programmers:  Analyze, 

design,  test  and  implement 
specialize  software  applica¬ 
tions  tor  e-commerce,  Web. 
Client  Server  technologies, 
Legacy  systems  and  distrib¬ 
uted  apps.  in  Weblogic, 
Corba,  Apache.  Mainframe, 
ASP,  J2EE,  PB  and  related 
technologies  utilizing  appro¬ 
priate  RDBMS  including 
Oracle  and  DB2.  HR, 
Instcomp,  Inc.,  906  Lacey 
Ave.,  Suite  #206,  Lisle,  IL 
60536.  EOE 


Compuer  Programmer 

(Houston,  TX):  Writes  ABAP 
codes  to  develop  and  maintain 
e-business  solutions,  including 
large-scale  database,  on-line 
procurement  system,  and  on¬ 
line  timecard  application,  using 
SAP  products;  such  as  MM,  PP, 
SD,  VC,  FI;  Java;  ASP;  SML; 
SQL  and  Oracle  in  Windows 
NT  B.S.  plus  1  yr.  Exp.  Contact 
AN  Poonawala  of  Alinson,  Inc. 
at  203  Blue  Bell  Rd,  Houston. 
TX  77037,  (281)  260-7800(T), 
(281)  260-7878(F). 


Application  Engineer/Industrial 
Software  needed  w/exp  to  ana¬ 
lyze,  design  &  develop  industrial 
automation  applications  using 
Step  7  a  programming  language 
for  SIMATIC  S7  PLC'S  and 
SIMATIC  NET  for  configuring 
SIMATIC  Industrial  Networks 
Provide  system  integration  in 
the  field  of  factory  &  process 
based  on  PLC  (Programmable 
Controllers)  &  SCADA  (Super¬ 
visory  Control  and  Data 
Acquisition)  systems.  Design  & 
engineer  Control  System  hard¬ 
ware  &  related  software  devel¬ 
opment.  Perform  testing  &  trou¬ 
ble  shooting.  Send  resume  to: 
Control  Infotech  Inc.  1119-ID, 
Crab  Orchard  Drive,  Raleigh, 
NC  27606. 


S/W  Graphic  Designer  to  design, 
modify  and  maintain  existing/new 
web  sites  using  HTML,  CSS, 
ASP,  XML,  Flash,  under  Mac  and 
PC  envir;  Create/refine  conceptu¬ 
al  designs  and  ideas  into  comput¬ 
er/images  using  Photoshop, 
Illustrator,  Dream  Weaver;  create 
layouts  based  on  layout  princi¬ 
ples.  design  concepts;  conduct 
req  analysis  and  performance 
testing.  Require:  B.S.  or  foreign 
equiv.  in  CS/Graphic  Design/Fine 
Arts  with  2  yrs  of  exp.  Competi¬ 
tive  salary,  f/t.  travel  involved. 
Apply  to:  HR,  Mindspan  Systems, 
Inc.,  6050  Peachtree  Pkwy,  Ste 
240-214,  Norcross.  GA  30092. 


Senior  Network  Administrator. 
Plan,  direct,  support  Manage¬ 
ment  Information  System  includ¬ 
ing  daily  operation  of  Sun 
Solaris  UNIX  Server,  Microsoft 
Windows  2000  Advance  Server, 
IBM  AS400,  Citrix  Metaframe 
and  all  network  devices  and 
database  programs  for  Athens. 
GA  plant  Must  have;  BS  in  com¬ 
puter  science,  eng’g,  or  busi¬ 
ness  administration  or  related 
field  and  2  yrs  exp  in  job  offered 
or  in  Computer  Operations 
Analysis  or  related  field 
Respond  to  HR  Manager,  425 
Athena  Drive,  Athens,  GA 
30605  Refer  to  Code:  AR  No 
job  placement  agencies  need  to 
apply 


Computers-Programmer 
Analysts  needed.  Seeking  qual. 
candidates  possessing  BS  or 
equiv.  and/or  rel.  work  exp.  Part 
of  the  required  rel.  exp.  must 
include  1  yr.  working  with  Visual 
Basic.  MS  SQL  Server  8  Unix 
(AIX)  and  6  months  working  with 
People  Tools.  Work  with  3  of  the 
following:  MS  SQL  Server, 
Visual  Basic,  Unix  (AIX), 
Windows  NT,  Oracle  &  People 
Tools.  Fwd  resume  &  ref.  to 
Percipia,  Inc.,  Attn:  HR,  816 
Morrison  Rd.,  Gahanna,  OH 
43230. 


Technical 

Support 

Specialist  sought  by 

S  t  o  n  e  b 

ridge 

Hospitality 

Assoc’s 

w/Bach  in 

Comp 

Sci/Eng  or 

related 

field  w/2  yrs  exp. 

Respond  by 

resume 

to  HR  Dept, 

9100  E. 

Panorama  Dr,  #300, 

Englewood, 

80112. 

CO 

System  Administrator  want¬ 
ed  to  install,  configure,  sup¬ 
port  and  maintain  networks. 
Bachelor's  degree  in  a  Com¬ 
puter  related  field  and  2  yrs. 
experience  in  job  offered  or 
in  Systems  Administration  in 
a  Telecommunication  envi¬ 
ronment.  Experience  must 
include  TCP/IP,  Ethernet  and 
SQL,  Please  e-mail  resumes 
to  Rebecca. austamente@ 
radianz.com  (subject:  Code 
0313). 


Technical  Marketing  Manager 

Initiate,  engage,  develop,  & 
manage  business  relationships 
&  partnerships.  Prospect  gener¬ 
ation,  preparation  &  presenta¬ 
tion  of  solutions  &  proposal 
preparation  &  finalization.  MBA / 
Masters  in  Business/  Computers 
&  1  yr.  exp.  Must  be  willing  to 
travel,  use  UNIX,  Windows,  SEI 
CMM  &  ISO  Concepts.  40.0 
hrs./wk  9:00  AM  -  6:00  PM 
Applicants  send  cover  letter  and 
resume  to:  SRA  Systems 
Limited,  1945  Cliff  Valley  Way, 
#270,  Atlanta,  GA  30329,  ATTN: 
M.  Ankarath 


Programmers  needed.  Seek¬ 
ing  candidates  possessing  BS 
or  equivalent  and/or  rel  work 
experience.  Duties  include: 
Analyze  program  applications; 
Develop  and  deploy  applica¬ 
tions;  Integrate  applications. 
Work  with  2  of  the  following: 
Java,  J2EE,  VC++,  COM,  First 
Logic.  Visual  Basic  and  Crys¬ 
tal  Reports.  Mail  resume,  ref¬ 
erences  and  salary  require¬ 
ments  to:  Marketing  Response 
Systems,  Attn:  Mel,  980 
American  Pacific  Drive,  #104, 
Henderson,  NV  89014. 


F/T  Computer  Support  Specialist. 
Responsible  for  scoping,  planning 
and  implementing  legacy  applica¬ 
tion  extension  projects  and  training 
customer  personnel  in  tool  use. 
100%  travel.  Requires  in-depth 
knowledge  of  J  Walk,  GUI/400, 
Win  Ja  and  TTT.  Must  have  3  yrs. 
of  exp.  Work  background  must 
have  included  providing  technical 
support  services  to  software  and / 
or  network  end  users  and  support¬ 
ing  J  Walk,  GUI/400  &  TTT  cus¬ 
tomers  across  a  variety  of  indus¬ 
tries.  Salary:  Competitive.  Send 
Resume  to:  HR-Ref:  TS,  SEAG¬ 
ULL,  3340  Peachtree  Rd,.,  Atlanta, 
GA  30326.  Reference  this  ad.  No 
phone  calls  please. 


COMPUTER 

Siebel  Systems,  Inc.  has  employ¬ 
ment  opportunities  for  Tech 
Instructors  in  Alpharetta,  GA. 
Education  and  experience  re¬ 
quirements  vary.  Apply  online  at 
http://www.siebel.com/adresume 
or  forward  your  resume  referenc¬ 
ing  Job#2521  to:  Siebel  Systems, 
Inc.  Attn:  Corporate  Recruiting, 
2207  Bridgepointe  Parkway,  San 
Mateo,  CA  94404.  EEOE 


Sr  Software  Engineer 
for  s/ware  co  in 
Rochelle  Park,  NJ.  Must 
have  Master's  degree  in 
Comp  Sci/Comp  Eng  or 
reltd  field  &  5  yrs  exp  in 
job  offered  or  in  s/ware 
development  position. 
Send  resume  to;  Matrix 
Info.  Consulting,  365  W. 
Passaic  St,  Rochelle 
Park,  NJ  07662,  attn: 
Rob  Bigini. 


e-lite 
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e-merging 
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e-normous 

opportunities 

IT 

careers 

An  tOO  fUcrurtmun*  ScAiliun*  Company 

Sure 

NetworkWorld 

COMPUTERWORLD 
AND  INFOWORLD 

Help  You  Do 
A  Better  Job. 


Now  Let  Us  Help 
You  Get  One. 


Call: 

1-800-762-2977 


it  careers.com 


nmq: 
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it  careers 


IT  CAREERS 


You  can 
find  a 
better 

JOB 

with  one 
hand  tied 
behind 
your  back. 


Just  point  your 
mouse  to  the 
world’s  best 
IT  careers  site. 

Brought  to 
you  by 

Computerworld, 
Info  World  and 
Network  World. 

Find  out  more. 

Call  your 
ITcareers  Sales 
Representative 
or 

Nancy  Percival, 

1-800-762-2977 


Where  the  best 
get  better 


Developer  sought  by  oncology/ 
therapeutics  div.  of  pharma  R&D 
co.  in  San  Francisco.  CA.  Candi¬ 
date  must  have  a  Bachelor's  de¬ 
gree  or  equiv.  In  Computer  Engin¬ 
eering  or  related.  Min.  of  5  years 
experience  in  application  develop¬ 
ment  &  database  design  &  devel¬ 
opment  on  Oracle  platform  re¬ 
quired.  Extensive  exp.  in  OOAD, 
Object  Oriented  Programming. 
DBA.  database  design  tools,  data 
modeling  tools  (ERWin),  SQL, 
PL/SQL.  Unix  (shellscripts,  FTP 
automation).  Java,  Oracle  8i  data¬ 
base,  Oracle  1 1  i  applications  (order 
fulfillment).  Blue  Martini  CRM  and 
HTML,  pharma,  pricing  s/w  cus¬ 
tomization  required.  Experience  in 
pharma,  pricing  required.  Must 
have  strong  analytical  skills  in  pric¬ 
ing  infrastructure,  information  ser¬ 
vices  &  data  analyses.  &  excellent 
oral  &  written  communication  skills. 
Send  resumes  to:  OTN,  Staffing 
Dept.,  395  Oyster  Point  Blvd.,  Suite 
405,  South  San  Francisco,  CA 
94080,  Job  Code:  VM-764  or  fax 
resume  to:  (650)  737-9576  or  email 
to:  jobs.otn@otnnet.com 


Sr.  Programmer/Business  Analyst 
(Chicago,  IL)  Participate  in  archi¬ 
tectural  design  and  use  case 
analysis  on  web-based  mgt  info 
syst.  w /  Oracle/Win2000  env. 
using  PL/SQL,  VB,  TOAD,  MS 
Project  and  Rational  Robot;  inter¬ 
face  b/t  info  tech  and  business 
groups  to  identify  user  needs, 
prepare  busi.  requirement  docu¬ 
ments,  and  develop  project  pack¬ 
ages  applying  JAD  and  RAD. 
Requires  BS  in  Com. Sc..  Engr.  or 
MIS  plus  3  yrs.  exp.  Full¬ 
time/competitive  salary.  Resume 
to:  HR  NetEffects,  Inc.,  500 
Chesterfield  Ctr.,  Ste.350,  St. 
Louis,  MO  63017 


SR.  SOFTWARE  ENGINEER 
sought  by  Graphic  Enter¬ 
prises  of  OH  to  dvlp  &  support 
s/ware  prodcts  for  newspaper 
indstry  using  Win  NT/2000/ 
98/95,  SQL,  C/C++/Visual 
C++,  COM/ATL,  MFC,  VB, 
VBScript,  Visual.Studio.NET, 
Java,  JavaScript,  Win  32 
APIs/STL,  HTML,  XML  & 
HTTP.  Deg  in  Comp  Sci/Engg 
&  significant  work  exp  req'd. 
Send  resume  to  HR,  Graphic 
Enterprises,  Inc.,  3874 
Highland  Park  NW,  North 
Canton,  OH  44720. 


Demantra,  Inc.  seeks  Sr 
Application  Consultant  to  design 
demand  planning  technical 
architecture;  serve  as  demand 
planning  &  forecasting  expert;  & 
work  w/customers  to  improve 
planning  process.  Hands-on 
involvement  in  all  phases  of 
Demand  Chain  solution,  from 
business  analysis  to  implemen¬ 
tation  &  support.  Operate  db 
systems  to  integrate  demand¬ 
planning  product  in  ERP  & 
Supply  Chain  envir.  Job 
involves  extensive  travel. 
Resume/cvr  Itr  to:  Demantra, 
Inc;  HR;  767C  Concord  Ave; 
Cambridge,  MA  02138. 


Software  Engineer  to  research/ 
develop  computer  graphics  soft¬ 
ware  on  Macintosh  &  Windows 
using  C/C++  under  MS  Visual 
Studio;  work  on  DTP  features  of 
the  product-text  input  (  including 
European  &  Far-Eastern  Asian 
character  sets  &  input  methods), 
text  layout,  font  caching  &  ren¬ 
dering,  GDI  printing  &  PostScript 
printing;  40hpw,  M-F, 
$52,000/yr.,  req.  bachelors  in 
computer  science  or  related  field 
plus  6  mos.  exp.  Fax  resume  to 
J.  Miranda,  Deneba  Software, 
Inc.,  1150  NW  72nd  Ave.,  Suite 
180,  Miami,  FL  33126,  (305) 
406-9802. 


Mercury  Interactive  Corpor¬ 
ation  is  the  world's  leading 
provider  of  solutions  that  auto¬ 
mate  testing,  quality  assurance 
and  application  performance 
management  for  e-business, 
enterprise  resource  planning, 
and  client/server  applications. 
Mercury  and  its  subsidiary 
Freshwater  Software  currently 
have  exciting  opportunities 
available  at  our  worksites 
throughout  the  US,  including 
Sunnyvale,  CA;  Boulder,  CO 
for  the  following  positions  (all 
levels/all  types): 

•  Software  Engineers  (& 
Consultants) 

•  Systems  Analysts/Engineers 
(&  Consultants) 

•  Database  Administrators 

•  Product  Managers 

•  Customer  Support  Analysts 

Please  send  resume  to 
Mercury  Interactive  Corpor¬ 
ation  with  cover  letter  to 
Human  Resource  Dept,  fax: 
408-822-5514  or  email  your 
resume  to  jobs@merc-int.com. 
For  additional  information  on 
these  and  other  positions,  visit 
our  web  site  at  www.mercuryin- 
teractive.com.  Mercury 

Interactive  Corporation  is  an 
equal  employment  opportunity 
employer  committed  to  the 
development  of  a  diverse  work¬ 
force. 


MKRC’.t :ry  interactive 


A  Chicago  Japanese  restaurant 
is  seeking  an  Info.  System 
Manager  to  develop/operate 
info.  sys.  to  estimate  food  con¬ 
sumption,  place  orders  with  sup¬ 
pliers,  and  to  manage  daily 
restaurant  operations;  install 
and  program  restaurant-wide 
info.  sys.  to  ease  the  record¬ 
keeping/paperwork;  adminis¬ 
ter/program  a  computer  program 
to  keep  track  of  employee 
schedules/pay;  install/operate 
Point-of-Service  (POS)  systems 
to  increase  employee  productiv¬ 
ity  and  to  track  the  sales  of  spe¬ 
cific  menu  items;  Administer/ 
program  a  computer  system 
which  totals  checks,  act  as  a 
cash  register/credit  card  autho¬ 
rizes  and  track  daily  sales;  use 
inventory  tracking  software  to 
compare  the  record  of  daily 
sales  from  the  POS  with  a 
record  of  present  inventory  to 
minimize  food  costs/spoilage; 
operate/program  a  system  to 
order  additional  inventory  from 
the  supplier.  40  hrs/wk,  10am- 
7pm,  $47,000/yr.  B.A./B.S.  in 
Business  or  C.S.  1  yr  related 
exp.  Applicant  must  show  proof 
of  legal  authority  to  work  in  the 
U.S.  Send  resume  to  IL.  Dept,  of 
Employment  Security,  401  S. 
State  St.  -  7  North,  Chicago,  IL 
60605,  Attn:  Leonard  Boksa. 
Ref#  V-IL34152  -  B.  An  employ¬ 
er  paid  ad.  No  Calls-Send  2 
copies  of  both  resume  &  cover 
letter. 


Consultant  sought  by 
NYC  IT  firm  for  publish¬ 
ing  related  projects,  sys¬ 
tem  analysis  &  design. 
BS  degree,  IT  related 
major.  Broad  skills  in 
desktop  publishing,  web 
technologies,  and  sys¬ 
tem  integration.  Freq. 
travel.  Contact: 

careers@desknetinc.com 


Software  Professionals  and  IT 
Managers  Needed 

Digital  GlobalSoft  Limited  (for¬ 
merly  Digital  Equipment  (India) 
Ltd.)  is  a  leading  software  com¬ 
pany  with  offices  nationwide. 
With  Digital  you  will  get; 
Extensive  Benefits,  Additional 
Compensation  for  referrals,  and 
Professional  Challenges  with 
training  and  assignments  to 
keep  you  at  the  leading  edge  of 
technology. 

For  technical  positions  (software 
engineers,  programmer/ana¬ 
lysts,  systems  analysts),  we 
need  people  with  the  following 
skills: 

OS:  Open  VMS,  NT/Windows 
2000/XP,  Tru  64Unix. 

Languages/Tools:  ASP, 
Com/Dcom,  JavaScript,  VB 
Script,  VB,  VC++,  PERL,  Java, 
EJB,  CORBA,  RMI,  C/C++, 

DEC  Forms,  ACMS,  Rally. 

Middleware:  MSMQ,  TUXEDO. 

Database:  Oracle,  SQL  Server, 
Sybase  and  Rdb. 

We  are  also  searching  for  SAP 
functional  experts  with  2  years 
implementation  experience  in 
various  modules  and  Siebel  cer¬ 
tified  consultants  with  2+  years 
post  certification  experience. 

Ideal  candidates  for  IT  Business 
Development  Manager  positions 
will  have  technical  background, 
i.e. ,  Bachelor's  degree  in 
Engineering,  Computer  Science, 
Electronics  or  related  field,  and 
IT  business  development  and 
managerial  experience. 

T ravel  to  job  sites  throughout  the 
United  States  may  be  required. 
Some  positions  may  require 
relocation  to  Europe  and  Asia 
Pacific.  Applications  can  be  sent 
to  North  America  F  &  A 
Manager,  Digital  GlobalSoft 
Limited,  200  Forest  Street, 
MR01-1/A65,  Marlboro,  MA 
01752. 

Digital  GlobalSoft  Limited  is  an 
equal  opportunity  employer. 


Web  Application  &  Client  Server 
Specialist  (Sr.  Programmer/ 
Analyst).  Web  Applic  &  Client 
Server  Specialist  (Sr  Prgmr/ 
Analyst)  pos  works  w/clients  of 
ISSI  to  dsgn  &  modify  tech  archi¬ 
tecture  of  client  systms,  &  over¬ 
see  implmtn.  Pos  dsgn  &  dvlp 
applies  &  detailed  s/ware  mod¬ 
ules  to  meet  specific  reqmts 
using  ASP,  MS  VB,  SQL  Server, 
Client  Server,  HTML,  &  C++. 
Pos  serve  as  project  leader.  BS 
or  foreign  equiv  in  CS,  CE,  EE, 
or  MIS  +  4  yrs  exp  in  job  offd  or 
as  Prgmr  (or  MS  +  2  yrs  exp.) 
Exp  to  incl  1  yr  as  team  leader  or 
mgr  +  VB,  SQL  Server,  Client 
Server,  ASP,  C++,  Active  X.  40 
hrs/wk,  $61 ,21 4/yr.  Must  have 
proof  of  legal  auth  to  work  in  US. 
Send  resume  to  IA  Workforce 
Center,  215  Watson  Powell  Jr. 
Way,  Suite  100,  Des  Moines,  IA 
50309-1727.  Please  ref  to  JO 
IA1 101645.  Employer  paid  ad. 


Seeking  qualified  applicants  for 
the  following  positions  in 
Memphis/Collierville,  TN:  Senior 
Business  Application  Analyst. 

Act  as  liaison  between  technical 
developers  and  users/customers. 
Requirements:  Bachelor's  deg¬ 
ree’  in  computer  science,  math, 
statistics,  business  administration 
or  related  field  plus  5  years  of 
experience  in  analyzing  business 
systems  and  developing  technical 
automated  solutions.  Experience 
with  Java;  application  server 
(either  WebLogic,  WebSphere  or 
JRUN);  and  UNIX  also  required. 
"Master's  degree  in  appropriate 
field  will  offset  2  years  of  general 
experience.  Submit  resumes  to 
Sibi  George,  FedEx  Corporate 
Services,  1900  Summit  Tower 
Blvd.,  Suite  1400,  Orlando,  FL 
32810.  EOE  M/F/D/V. 


it  careers.com 


It  is  at  the  heart  of  our  work,  not  only  the  energy 
we  provide  to  the  entire  world,  but  also  the 
energy  which  drives  our  people.  The  following 
represents  our  needs  in  Saudi  Arabia: 


Web  Solutions  Specialist 
Senior  Imagery  Analyst 
Network  Storage  Administrator 
EDP  Systems  Analyst 
SAP  Training  Specialist 
Power  Systems/ETAP  Specialist 
Digital  Systems  Technician 

For  consideration,  please  send  a  resume  to 
Aramco  Services  Company,  reference  code 
06J-ITCAREERS,  in  one  of  the  following 
ways:  Fax:  (713)  432-4600;  Mail  P.O.  Box  4530, 
Houston,  TX  77210-4530;  e-mail  (please  cut 
and  paste  rather  than  send  an  attachment): 
resumes@aramcoservices.com. 


For  a  detailed  description  of  the  above 
positions,  please  refer  to  our  website 
www.jobsataramco.com. 


dpguuuJI  gSoljl 
Saudi  Aramco 


Prog.  Analysts  to  analyze,  design, 
maintain  appls  using  C,  Java, 
HTML,  VBScript,  ASP,  MS  SQL, 
Rational  Rose  under  Windows  OS; 
design,  implement  GUI  and 
RDBMS  using  VB,  Dev  2000, 
Oracle,  MS  Access,  SQL  Server. 
Require:  B.S.  or  foreign  equiv.  in 
CS/Engg  (any  branch)  &  2  yrs  of 
exp.  in  the  field.  S/W  Enggs  to 
design,  develop,  test,  implement 
appls  using  C,  C++,  Oracle,  SQL 
Server,  MS  Access  on  Windows, 
Unix;  design,  develop  web  appls 
using  HTML,  Java,  ASP,  JDK,  CGI, 
JScript;  provide  training  and  user 
support  for  the  systems  appln  soft¬ 
ware/hardware  to  team  and  clients; 
debug  and  modify  existing  soft¬ 
ware.  Require:  M.S.  or  foreign 
equiv.  in  CS/Engg.  (any  branch) 
with  1  yr  exp.  in  the  field.  High  sal¬ 
ary.  F/T.  Travel  involved.  Resume 
to:  Infosmart  Technologies,  385 
Leatherman  Ct,  Alpharetta,  GA 
30005. 


System  Admins  to  install,  maintain, 
administer  Windows  NT,  Linux, 
HP-UX, SCO/Solaris;plan,  imple¬ 
ment,  maintain  and  troubleshoot 
LAN/WAN  installations;  manage 
networking  protocols  such  as 
TCP/IP.  IPX/SPX.  etc;  install, 
upgrade  network  computer  hard¬ 
ware/software.  Systems  Analysts 
to  analyze,  design  appls  using 
Java,  VB,  Oracle,  SQL  Server, 
ASP,  Active  X,  HTML/DHTML, 
JavaScript,  etc.  under  Windows 
OS;  write  triggers  and  stored  pro¬ 
cedures  to  account  for  business 
processes;  perform  req.  analysis; 
develop  user  interface,  reports 
Require:  B.S.  or  foreign  equiv  with 
cone  in  CS/Science/Engg.(Any 
branch)  and  2  yrs  of  exp.  in  IT 
Travel  involved.  High  Salary.  F/T. 
Resume  to.  Radiant  Technologies, 
Inc.,  335  Majestic  cove,  Alpharetta, 
GA  30004 


IT  Developer  3,  Charlotte,  NC, 
Wachovia  Corp.  Create  doc.  de¬ 
tailing  hardware  &  software  infra¬ 
structure,  interdependencies  of 
each  component  &  IVR  appl.  dev. 
standards  for  EIVR  environ. 
Reqs.  BA  in  CIS  &  3  yrs  exp.  in 
the  pos.  off.  or  Software  Eng.  or 
Comp.  Consultant.  The  3  yrs  reqd 
exp.  must  incl.  work  w/IVR  appli¬ 
cation  design,  dev.,  implementa¬ 
tion  &  work  in  high-volume  call 
center  (2-3  million  calls/mos.).  1 
yr.  of  reqd  exp.  must  incl.  IVR  sys. 
w/PBX  switches  (i.e.  Cisco/ 
Geotel  ICM,  Aspect  ACD,  SL1, 
SL100  &  AT&T  G3)  &  IVR  sys. 
w/SpeechWorks  ASR  software  or 
similar  software  package.  M-F,  8- 
5,  Send  resume  to  Randal!  Buck, 
Wachovia  Corporation,  1525 
West  W.T.  Harris  Blvd,  NC  0775, 
Charlotte,  NC  28262-0775.  No 
phone  calls. 


System  Analysts  to  analyze, 
design,  develop  software  for 
Wireless  and  Data  Communica¬ 
tion  using  J2EE,  XML,  C,  C++, 
SQL.  SMPP,  WAP,  XHTML,  3G, 
Oracle,  etc.  under  Oracle  Mobile 
Server  9iAS  WE,  UNIX,  Sun 
Solaris  etc;  perform  reqs  gather¬ 
ing,  design  process,  design 
reviews,  code  peer  reviews, 
customization  and  enhance¬ 
ments.  Prog/Analysts  to  ana¬ 
lyze,  design  appls  using  C,  C++, 
Java,  HTML,  VB,  Java-Script, 
SQL,  Oracle,  MS  Access  under 
Windows,  UNIX  OS;  study,  eval¬ 
uate  new  technologies/method¬ 
ologies;  gather,  document  reqs 
from  user  community;  test/trou¬ 
bleshoot  project  appl  code 
according  to  system  objectives. 
Require:  BS  or  foreign  equiv.  in 
CS/Engg.  (any  branch)  with  2 
yrs  exp.  High  Salary.  Travel 
involved.  F/T.  Apply  to:  HR, 
Unilinx,  Inc,  4625  Alexander  Dr., 
Ste  110.  Alpharetta,  GA  30022. 


lands  on  test  results  and  research  recently  completed  by  Miercom  reveals 
Innovative  features,  but  good  management  is  still  lacking  on  some  products.  This 
lume  report  Includes  comprehensive  information  on  23  IP-PBX’s  from  15  vendors. 


Mierco 


Get  your  copy  today:  Go  to  http://nwwl.com/go/ad384.html 
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M  Sales  Offices 

Ceroi  Laskor,  Associate  Publisher/Vice  President 
Jane  We^s*man,  Sales  Operations  Coordinator 
Internet:  clasker.  jweissman@nww.com 
(508)  400-3333/ FAX:  (508)  460-1237 _ 


■  Network  World,  Inc. 

118Tumpike  Road,  Southborough,  MA  01772 
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 


# 


New  York/New  Jersey 

Tom  Daws  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  tdavls,  elisas,  ajoseph@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 

Northeast 

Donna  Pomponl,  Regional  Sales  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dpomponi,  chorgan@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 

Mid-Atlantic 

Jacqui  DiBianca.  Regional  Sales  Manager 
Marta  Hagan,  Sales  Assistant 
Internet:  jdibian,  mhagan@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 _ 


Midwest 

Eric  Danetz,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 


Central 

Dan  Gentile,  Midwest  Regional  Director 
Grade  Vela,  Sales  Assistant 
Internet:  dgentile,  gvela@nww.com 
(512)  249-2200/FAX:  (512)  249-2202 


Northern  California 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Miles  Dennison,  Regional  Sales  Manager 
SeanWeglage,  Regional  Manager 
Teri  Whitehair,  Office  Manager/Exec.  Asst. 

Berit  Einsiedl,  Sales  Assistant 

Internet:  skupiec,  mdennison,  sweglage,  twhitehair 

beinsiedl@nww.com 

(650)  577-2700/FAX:  (650)  341-6183 

Northwest/Rockies 

Karen  Wilde,  Regional  Sales  Manager 
Lara  Greenberg,  Regional  Sales  Manager 
Berit  Einsiedl,  Sales  Assistant 
Internet:  kwilde,  Igreenberg,  beinsiedl@nww.com 
(650)J577-2700/FAX:  (650)  341-6183 _ 


Southwest 

Becky  Bogart  Randell,  Senior  District  Manager 
Angela  Norton,  Sales  Assistant 
Internet:  brandell,  anorton@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 _ 

Southeast 

Don  Seay,  Regional  Sales  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dseay,  chorgan@nww.com 
(404)  845-2886/FAX:  (404)  250-1646 


Customer  Access  Group 

1  Tom  Davis,  Assoc.  Publisher  Eastern  Region/General 
Manager,  Customer  Access  Group 
Shaun  Budka,  Director,  Customer  Access  Group 
Kim  Gaffrey,  Sales  Manager,  Western  Region 
Kate  Zinn,  Sales  Manager,  Eastern  Region 
Sharon  Stearns,  Manager,  Client  Services 
Caitlin  Horgan,  Sales  Assistant 
Internet:  tdavis,  sbudka,  kgaffrey,  kzinn,  sstearns, 
chorgan@nww.com 

(508)  460-3333/FAX:  (508)  460-1237 _ 


Fusion 

Alonna  Doucette,  Vice  President  Online  Development 
James  Kalbach,  Director.  Online  Services 
Stephanie  Gutierrez.  Online  Account  Manager 
Debbie  Lovell,  Online  Account  Manager 
Kristin  Douglas,  Online  Operations  Manager 
Internet:  adoucette,  jkalbach,  sgutierrez,  dlovell, 
kdouglas@nww.com 
(610)  341-6025/FAX:  (610)  971-0557 


EvileeThibeault,  CEO/Publisher 

John  Gallant,  President/Editorial  Director 

Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE/BUSINESS  SERVICES 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Mary  Kaye  Newton,  Billing/AP  Coordinator 

Frank  Coelho,  Senior  Manager,  Business  Services 

LisaThompson,  Business  Services  Administrator 

Mark  Anderson,  Business  Services  Supervisor 

Kevin  McMillen,  Business  Services  Coordinator 

HUMAN  RESOURCES 

Elizabeth  Price,  Director  of  Human  Resources 
Eric  Cormier,  Human  Resources  Representative 

MARKETING 

TerryAnn  Croci,  Senior  Director  of  Marketing 

Barbara  Sullivan,  Senior  Research  Analyst 

Nancy  Petkunas,  Prod.  Marketing  Mgr.  Events/Online 

Judy  Schultz,  Senior  Marketing  Designer 

Cindy  Panzera,  Graphic  Specialist 

GLOBAL  PRODUCT  SUPPORT  CENTER 

Nancy  Parquette,  Sr.  Production  Marketing  Manager 

Print/GPSC 

ADVERTISING  OPERATIONS 

Karen  Wallace,  Senior  Director  of  Advertising  Operations 
Maro  Eremyan,  Advertising  Coordinator 
Veronica Trotto,  Advertising  Coordinator 
Cara  Peters,  Advertising  Coordinator 

PRODUCTION 

Greg  Morgan,  Production  Director 

Scott  Delugan,  Senior  Production  Coordinator 

JamiThompson,  AdTraffic  Coordinator 

CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 
Darcy  Beach,  Circulation  Operations  Manager 
Bobbie  Cruse,  Subscriptions  Manager 
Mary  Mclntire,  Circulation  Marketing  Manager 

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

BobWescott,  Distribution  Manager/(508)  879-0700 
IDG  LIST  RENTAL  SERVICES 

Paul  Capone,  Account  Executive 
P.O.  Box  9151,  Framingham,  MA  01701-9151 
(800)  343-6474/(508)  370-0825,  FAX:(508)  370-0020 
SEMINARS.  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Robin  Azar.Vice  President  of  Events 
Chris  Shipley, Vice  President/Executive  Producer 
Michele  Zarella,  Director  of  Operations  -  EAST 
Bob  Bruce,  Director  of  Operations  -  WEST 
Teri  Whitehair,  Office  Manager/Exec.  Asst. 

Sandra  Gittlen,  Events  Editor 

Betty  Amaro-White,  Event  Finance  Manager 

Neai  Silverman,  Senior  Director  of  Event  Sales 

Andrea  D'Amato,  Sales  Director/Strategic  Partnerships 

Kristin  Ballou-Cianci,  Senior  Event  Sales  Manager 

Sandy  Weill,  Event  Sales  Manager 

Maureen  Riley,  Event  Sales  Manager 

David  Brooks,  Event  Sales  Manager 

Judy  Tyler,  Sales  Operations  Specialist 

Karyn  Williams,  Managing  Dir.  of  Conference  Development 

Karen  Daitch,  Manager  of  Program  Development 

Elizabeth  Parsons,  Program  Development  Specialist 

Mark  Hollister,  Senior  Director  of  Event  Marketing 

Debra  Becker,  Dir.,  Marketing  4  Audience  Development 

Sara  Evangelous,  Marketing  Manager 

Kristin  Wattu,  Senior  Event  Copywriter 

Timothy  Johnson,  Marketing  Specialist 

Tim  DeMeo,  Senior  Operations  Specialist 

Lavayne  Harris,  Senior  Operations  Specialist 

Irma  Kartina,  Operations  Specialist 


MARKETPLACE 

Response  Card  Decks/MarketPlace 

Richard  Black,  Director  of  Marketplace 
Karima  Zannotti,  Senior  Account  Manager 
Enku  Gubaie,  Senior  Account  Manager 
Amie  Gaston,  Account  Manager 
Chris  Gibney.  Sales  Operations  Coordinator 
Internet:  rblack,  kzannott,  egubale,  agaston, 
cgibney@nww.com 
(508)  460-3333/FAX:  (508)  460-1192 

IT  CAREERS 

Director.  Nancy  Percival,  East  Regional  Manager,  Deanne 
Holzor.  Midwest/West  Regional  Manager.  Laura  Wilkinson, 
Sales/Marketing  Associate,  Joanna  Schumann  (800)  762- 
2977/FAX:  (508)  875-6310 


ONLINE  SERVICES 

Alonna  Doucette,  Vice  President  Online  Development 

Hillary  Freeley,  Director,  Online  Operations 

Adam  Gaffin,  Executive  Editor,  Online 

Melissa  Shaw,  Managing  Editor,  Online 

Jason  Meserve,  Multimedia  Editor 

Sheryl  Hodge,  Online  Copy  Chief 

Christopher  Cormier,  Web  Producer 

CUSTOMER  ACCESS  GROUP 

Alonna  Doucette,  Vice  President  Online  Development 
Hillary  Freeley,  Director,  Online  Operations 
Deborah  Vozikis,  Design  Manager  Online 
Mike  Guerin,  Senior  Production  Specialist 
Sharon  Stearns,  Manager  Client  Services 
INFORMATION  SYSTEMS 


W.  Michael  Draper,  V.  P.  Systems  {.Technology 

Anne  Nickinello,  Senior  Systems  Analyst 

Tom  Kroon,  Senior  Software  Engineer/Architect 

William  Zhang,  Senior  Software  Engineer 

Rocco  Bortone,  Senior  Network  Manager 

Peter  Hebenstreit,  Senior  Network/Telecom  Engineer 

Kevin  O'Keefe,  Systems  Support  Manager 

Brian  Wood,  Senior  Systems  Support  Specialist 

Puneet  Narang,  Manager  of  Database  Technologies 


IDG 

J.  McGovern,  hairman  of  the  Board 

CEO 

World  is  a  publication  of  IDG,  the  world's  largest 
of  computer-related  information  and  the  leading 
provider  of  information  services  on  information  tech 
IDG  publishes  over  275  computer  publications  in  75 
es.  Ninety  million  people  read  one  or  more  IDG  publi- 
ions  each  month.  Network  World  contributes  to  the  IDG 
ws  Service,  offering  the  latest  on  domestic  and  interna 
-»!  computer  news. 
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IPSec  or  not? 

Many  users  shore  up  wireless  LAN  security  with  IPSec 
VPNs,  but  the  answer  isn’t  perfect. 

Pros 

•  IPSec  provides  standardized  authentication  and  encryption. 

•  The  VPN  makes  it  unnecessary  to  track  media  access  control 
addresses  as  a  way  to  exclude  machines. 

•  Only  authorized  users  can  gain  access. 

•  Allows  use  of  inexpensive  access  points. 

Cons 

•  Client  software  must  be  installed,  managed  and  maintained. 

•  There  is  no  support  for  non-IP  traffic. 

•  It  is  difficult  to  allow  guest  users  on  the  network. 

•  Moving  among  access  points  could  crash  VPN  sessions  and 
freeze  machines. 

•  Machines  are  susceptible  to  denial-of-service  attacks. 


Wireless 

continued  from  page  1 

be  called  802.1  li.  That  will 
purportedly  clear  up  the 
problems  identified  with  its 
predecessor  called  Wired 
Equivalent  Privacy  (WEP), 
namely  that  its  auth¬ 
entication  messages  are  forg¬ 
ed  easily  and  its  encryption 
keys  are  poorly  protected. 

In  the  meantime,  users  that 
require  secure  wireless  LANs 
are  turning  to  supplemental 
security  which  falls  into  two 
camps:  IP  Security  (IPSec) 
remote-access  VPN  gear  and 
equipment  made  by  a  pack 
of  mainly  young  companies 
specializing  in  wireless  LAN 
security,  among  them  Blue- 
socket,  Cranite  Systems, 

Fortress  Technologies, 

ReefEdge  and  Vernier  Networks. 

While  IPSec  addresses  the  security  prob¬ 
lems,  it  is  not  perfect  and  brings  along  all 
the  shortcomings  it  has  in  a  wired  network. 

For  example,  the  technology  handles 
only  IP  traffic,  not  IPX  or  Appletalk.  It 
requires  client  software  on  all  the  remote 
machines.  IPSec  tunnels  are  point-to-point, 
so  multicasting  traffic  wastes  a  lot  of  band¬ 
width  setting  up  all  those  tunnels. 

“It’s  kind  of  like  the  question  about  IPSec 
in  general:  it  works  well  for  some  people, 
and  doesn’t  work  well  for  others.  Adding 
wireless  into  the  mix  is  not  going  to  change 
that  very  much,”  says  Joel  Snyder,  senior 
partner  with  Opus  One. 

IPSec  works  for  Christopher  Misra,  net¬ 
work  analyst  for  the  University  of  Massa¬ 
chusetts  at  Amherst,  which  installed  wire 
less  hot  spots  in  five  public  areas  on  cam¬ 
pus  last  year  for  student  use. 

The  hot  spots  are  secured  using  Cisco 


Switch 

continued  from  page  10 

point,”  he  says. 

Enterasys’  advanced  RoamAbout  R2 
access  point  supports  an  array  of  secu¬ 
rity  provisions,  and  its  User-Personalized 
Networks  software  lets  administrators 
set  up  network  policy  rules  for  authenti¬ 
cated  users,  based  on  Layer  3  and  Layer 
4  attributes. 

But  Roese  is  clear  about  how  the  new 
switching  architecture  will  affect  this 
model.  “R2  is  the  only  access  point  that 
can  do  individual  policies,"  he  says.“But 
it’s  an  expensive  product:  the  Cadillac  of 
[access  points].  The  difference  is  that 
[wireless  LAN  switch  competitors]  can 
stick  a  cheap  access  point  [on]  the  end 
of  their  switches  and  get  these  same 
results.” 

“They  have  probably  a  one-month 
edge  on  us," says  Roese,  who  declined  to 
v  into  more  detail  on  the  products, 
pricing  or  shipping.  “When  we  release 


VPN  gear  Misra  already  had  for  a  wired-net¬ 
work  project.  Because  of  WEP’s  weakness¬ 
es,  he  decided  on  IPSec. 

In  the  UMass  network,  each  remote 
machine  has  a  VPN  client  that  creates  a 
secure  session  with  a  VPN  server  located 
on  the  LAN  side  of  the  wireless  access 
points.  This  prevents  unauthorized  mach¬ 
ines  from  tapping  into  the  network  or  pick¬ 
ing  off  unsecured  communications  be¬ 
tween  authorized  machines  and  the  cam¬ 
pus  network. 

Misra  says  he  is  satisfied  IPSec  secures 
the  network,  but  it  was  not  easy  to  imple¬ 
ment.  For  security  reasons,  he  wanted  the 
wireless  network  to  be  logically  separate 
from  the  wired  network,  and  that  required 
careful  design. 

“The  complexity  for  us  was  in  imple¬ 
menting  the  parallel  network  over  our 
existing  backbone,”  he  says.  He  set  up  a  sep¬ 
arate  virtual  LAN  (VLAN)  for  the  access 


our  next-generation  switching  architec¬ 
ture,  it  will  have  everything  they  do.” 

Perhaps  not  quite  everything,  at  least 
not  yet.  Some  start-ups  are  focusing  a  lot 
of  attention  on  radio  frequency  features, 
which  is  not  a  strong  point  for  tradition¬ 
al  switch  vendors.  Vivato  is  using  a 
phased-array  antenna  system  that  lets  its 
combination  switch-access  point  send 
narrowly  focused  radio  beams  to 
clients.  Aruba  will  use  its  own  access 
points  also  as  radio  wave  monitors, 
scanning  not  only  for  rogue,  or  unautho¬ 
rized,  access  points,  but  also  for  signal 
strength,  traffic  loads  and  numbers  of 
users.  ■ 

More  online! 

learn  how  to  set  up  wire¬ 
less  LANs  throughout  your 
company.  Register  for  our 
Wireless  LANs  Technology 
Toui  DocFinder:  4344 


points  and  wireless  clients  to 
segregate  the  traffic  and 
restrict  where  users  can  go 
on  the  network  for  security 
reasons.  “This  required  us  to 
configure  [VLAN]  trunks  to 
each  building  where  we 
wanted  to  implement  a  wire¬ 
less  network,”  Misra  says. 

Other  challenges  included 
installing  clients  on  all  stu¬ 
dent-owned  machines,  creat¬ 
ing  work  for  the  help  desk  to 
assist  technology-challenged 
users,  Misra  says.  Macintosh 
users  are  out  of  luck  because 
IPSec  gear  won’t  support  it. 

Another  potential  problem 
with  IPSec  is  that  VPN  ses¬ 
sions  could  break  when  users 
move  from  one  access  point 
to  another  because  the  IP 
address  changes.  The  break 
can  freeze  other  applications, 
forcing  users  to  reboot.“It’s  not  a  great  way 
to  handle  mobility  if  you’re  moving 
around,”  says  Mark  Stevens,  vice  president 
of  network  security  at  VPN  vendor 
WatchGuard  Technologies. 

The  wireless  security  companies  that 
offer  an  alternative  to  IPSec  address  some 
of  these  problems.  Ecutel  has  developed  a 
technology  that  keeps  application  sessions 
alive  when  wireless  devices  move  between 
access  points.  The  transition  becomes 
unnoticeable  to  users,  the  company  says. 

These  security  boxes  sit  on  the  LAN  side 
of  access  points  and  typically  include  a  fire 
wall,  authentication  support  and  encryp¬ 
tion.  Some  of  these  products,  such  as  those 
from  Bluesocket  and  ReefEdge,  also  do 
some  management  of  wireless  bandwidth 
by  applying  quality-of-service  restrictions. 

Fortress’  airFortress  gear  consists  of  three 
elements:  client  software;  an  appliance  that 
handles  encryption  and  network-layer 
authentication;  and  access-control-server 
software  residing  on  a  Windows  NT  server 
in  the  LAN. 

The  client  includes  a  key  it  shares  with 
the  appliance  for  machine  authentication, 
then  the  access  control  server  confirms 
that  the  remote  device  is  authorized  to  use 
the  network,  and  the  user  is  challenged  for 
name  and  password. 

All  traffic  between  the  wireless  machines 
and  the  airFortress  appliance  encrypts  us¬ 
ing  Data  Encryption  Standard,  Triple-DES 
or  Advanced  Encryption  Standard  encryp¬ 
tion.  Because  the  communication  is 
bridged  through  the  access  point  using 
source  media  access  control  address  and 
destination  MAC  address,  each  packet,  in¬ 
cluding  Layer  3  headers,  is  encrypted. This 
prevents  hackers  from  gaining  information 
about  the  wired  network  to  which  the  wire¬ 
less  gear  grants  access.  Fortress  says. 

A  single  airFortress  appliance  deals  with 
all  the  access  points  in  a  network,  so  it  can 
smoothly  maintain  communications  as  the 
mobile  machines  move  between  access 
points. 

The  Syracuse,  N.Y.,  police  department 


chose  Fortress  gear  because  it  had  to 
secure  sensitive  data  as  it  used  wireless  to 
expand  into  new  office  space.  It  also  want¬ 
ed  to  use  wireless  gear  in  interrogation 
rooms  so  it  could  be  removed  easily,  says 
Pat  Phelps,  IT  specialist  for  the  department. 

He  says  part  of  Fortress’  attraction  is  that  it 
offers  security  through  obscurity  Hackers 
won’t  focus  on  trying  to  break  its  techn¬ 
ology  once  a  commercial  standard  is 
adopted,  he  says.  “Whatever  standard 
comes  out  people  will  put  their  effort  in  try¬ 
ing  to  crack  that,”  Phelps  says. 

While  they  are  necessary  now  to  secure 
wireless  LANs,  these  add-ons  might  be 
come  less  popular  after  the  IEEE  finishes  its 
802.1  li  standard. 

“When  new  authentication  and  encryp¬ 
tion  standards  get  put  in  place  later  this 
year,  you  probably  won’t  need  to  use  VPNs,” 
says  Dave  Kosiur,  an  analyst  with  Burton 
Group.Then  wireless  security  will  be  suffi¬ 
ciently  strong.” 

Some  users  have  even  put  off  using  wire 
less  until  these  problems  are  fixed  and 
security  becomes  streamlined.  “The  entire 
attraction  of  wireless  is  its  ease  of  use,”  says 
Paul  Forbes,  network  engineer  for  Trimble 
Navigation  in  Sunnyvale,  Calif.  “If  it  isn’t 
essentially  transparent  to  the  user,  what  is 
the  point?  Why  not  jack  in  on  a  wired 
port?”  ■ 
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0  sues  IBM  for  $1  billion  for  infringement 


B  BY  PHIL  HOCHMUTH  AND  ANN  BEDNARZ 

UNDON,  UTAH  —  The  SCO  Group  last 
week  filed  a  $1  billion  lawsuit  against  IBM, 
alleging  Big  Blue  tried  to  destroy  the  value 
of  Unix  to  benefit  IBM’s  Linux  business. 

SCO’s  complaint,  filed  last  Thursday  in  the 
State  Court  of  Utah,  claims  misappropria¬ 
tion  of  trade  secrets,  tortious  interference, 
unfair  competition  and  breach  of  contract 
on  the  part  of  IBM.  IBM  could  not  be 
reached  for  comment. 

“We  are  alleging  that  IBM  misappropr¬ 
iated  the  research-and-development  re¬ 
sources  previously  dedicated  to  A1X  to  ben¬ 


efit  their  Linux  business,” said  Dari  McBride, 
president  and  CEO  at  SCO. “This  is  a  direct 
violation  of  their  Unix  contract  with  SCO.” 

IBM  entered  into  a  Unix  license  agree¬ 
ment  with  AT&T  in  1985  to  produce  its  AIX 
operating  system.  SCO  inherited  AT&T’s 
interest  in  the  IBM  agreement  in  1995  when 
it  purchased  rights  to  the  Unix  operating 
system  and  UnixWare  —  including  source 
code,  source  documentation,  software 
development  contracts  and  licenses  — 
which  AT&T  originally  owned. 

SCO  is  demanding  that  IBM  cease  within 
100  days  what  it  deems  anticompetitive 
practices,  or  SCO  will  revoke  its  AIX  license. 


SCO  seeks  at  least  $1  billion  in  damages. 

Boies,  Schiller  and  Flexner  filed  SCO’s 
complaint.  David  Boies,  the  lead  lawyer  in 
the  U.S.  Justice  Department’s  Microsoft  anti¬ 
trust  case,  is  managing  partner  at  the  law 
firm.  SCO  announced  in  January  that  the 
firm  had  been  retained  to  research  and 
investigate  possible  violations  of  SCO’s  intel¬ 
lectual  property  That  SCO  chose  IBM  as  the 
first  target  of  its  legal  offensive  has  upsides 
and  downsides,  says  Brian  Kelly,  a  Fenwick 
&  West  partner  in  Washington,  D.C.,  who  spe¬ 
cializes  in  IT  intellectual  property 

The  upsides  are  that  IBM  has  deep  pock¬ 
ets,  so  seeking  large  amounts  of  money  is 


feasible, and  that  suing  IBM  has  a  high  pub¬ 
lic  relations  value,  Kelly  says. 

The  main  downside  is  that  by  now  IBM 
has  so  much  money  invested  in  its  Linux 
efforts  that  it  will  have  little  incentive  to 
capitulate  and  seek  a  settlement, and  prob¬ 
ably  will  be  willing  to  devote  a  significant 
amount  of  money  and  legal  resources  to 
fight  the  lawsuit,  Kelly  says.  Had  SCO  cho¬ 
sen  to  go  after  a  smaller  company,  its 
chances  of  getting  the  upper  hand  in  a  set¬ 
tlement  would  have  been  better,  he  says. 

IDG  News  Service  correspondent  James 
Niccolai  contributed  to  this  story. 


aifcOn  the  open  source  side,  you 
don't  always  know  who  picked  up 
the  software.  You  can  get  the  big 
companies,  but  for  all  the  others 
you  just  announce  the  problem  in 
the  appropriate  places.  9 1 

Eric  Allman 

CTO,  SendMail,  Inc. 


Open  source 

continued  from  page  1 

the  bug  and  then  he  informed 
companies  such  as  HP  IBM  and 
Sun  that  he  knew  had  the  15-year- 
old  open  source  code  in  their 
commercial  products. Those  ven¬ 
dors  then  developed  patches  for 
their  own  customers. 

But  Allman  says,  “on  the  open 
source  side,  you  don’t  always 
know  who  picked  up  the  soft¬ 
ware.  You  can  get  the  big  compa¬ 
nies,  but  for  all  the  others  you  just 
announce  the  problem  in  the 
appropriate  places.” 

The  open  source  world  in¬ 
cludes  mailing  lists  and  Web  sites 
such  as  Sendmail.org  and  Secur- 
ityFocus  Bugtraq. 

Download  depot 

Sendmail.org  says 
it  sees  more  than  2,000 
downloads  of  its  open 
source  software  and 
supporting  files  per 
week;  SourceFire 
reports  8.-  .  downloads 
per  week  of  open  source 
Snort  code. 


On  the  closed  source  side,  a 
central  point  of  contact,  say 
Microsoft,  becomes  the  flash 
point  for  OEMs  and  other  known 
licensees  of  products.  But  the  crit¬ 
icism  against  closed  source  ven¬ 
dors  is  that  often  they  don’t  re¬ 
spond  quickly  or  at  all  until  hack¬ 
ers  release  exploit  code. 

On  the  commercial  side,  Send¬ 
Mail  talked  to  every  customer  via 
direct  contact  or  e-mail,  Allman 
says. 

The  same  scenario  was  true  for 
SourceFire  CTO  Martin  Roesch, 


the  creator  of  Snort,  who  pulled 
no  punches  in  laying  out  the 
severity  of  the  security  flaw  in  his 
code  last  week. 

But  Roesch  says  on  the  open 
source  side  at  times  it  can  be  dif¬ 
ficult  to  know  who  is  running 
your  code  and  where. 

“It’s  an  interesting  perspective,” 
Roesch  says.“It  reminds  me  of  the 
SNMP  bug  last  year  that  had  peo¬ 
ple  scrambling  to  find  out  what 
systems  had  the  software  and 
were  vulnerable.” 

In  that  February  2002  incidents 
bug  some  called  the  biggest 
security  threat  in  the  history  of 
the  Internet  was  found  in  SNMP 
which  runs  on  everything  from 
switches  and  routers  to  worksta¬ 
tions  and  servers. 

Historically,  the  open  source 
community  has  been  quick  to  re¬ 
spond  to  problems.  Which  was 
evident  with  open  source  Send¬ 
Mail,  as  a  patch  took  less  than  24 
hours  to  develop.  The  commer¬ 
cial  version  took  a  week  because 
it  had  to  be  tested  on  every  plat¬ 
form,  Allman  says. 

But  was  everyone  using  open 
source  SendMail, or  products  that 
incorporate  the  software,  aware 
of  the  issue?  In  this  case,  the 
answer  is  likely  yes,  given  that 
SendMail  moves  about  75%  of  the 
e-mail  on  the  Internet. 

But  what  about  lesser-known 
software  and  code? 

“There  is  tons  of  open  source 
code  being  embedded  in  all 
sorts  of  places,  and  awareness 
is  an  issue,”  says  Roesch,  who 
adds  that  closed  source  and 
open  source  patching  have 
their  differences. 

“We  have  8,500  downloads 
a  week  of  the  open  source  code 
and  Snort  is  all  over  the  place. 
It’s  in  places  that  I  never 
imagined.” 

Roesch  says  he  found  out  the 


FBI  was  using  Snort  while  watch¬ 
ing  a  television  news  program 
that  showed  an  FBI  computer 
running  an  application.  Roesch 
recognized  it  as  Snort. 

Experts  say  it’s  imperative  that 
open  source  software  users  keep 
up  with  community  develop¬ 
ment  efforts  or  with  their  ven¬ 
dors  that  supply  open  source 
software. 

“That  is  why  most  commercial 
customers  will  get  open  source 
from  a  known  vendor  that  sup¬ 
ports  the  software,”  says  Dan  Frye, 
the  director  of  IBM’s  Linux  Tech¬ 
nology  Center  and  a  former 
member  of  President  Clinton’s 
technology  advisory  committee 
on  open  source. “That’s  why  most 
enterprise  shops  don’t  develop 
their  own  Linux  distributions  or 
modify  the  source  code.” 

Companies  that  change  the 
binary  files  of  source  code  and 
recompile  it  change  the  “signa¬ 
tured  a  file  and  can  make  patch¬ 
ing  a  nightmare.  Once  source 
code  is  modified  or  extended,  the 
software  becomes  a  unique  ap¬ 
plication  that  must  be  main¬ 
tained  by  its  creator,  which  could 
be  a  single  developer. 

“Our  tools  check  software 
based  on  a  binary  signature,"  says 
Mark  Shavlik,  CEO  of  Shavlik 


Technologies,  which  develops 
patch  management  tools  for 
Microsoft  products  and  is  work¬ 
ing  on  a  Linux  version. “If  some¬ 
one  extends  an  open  source 
product  and  recompiles  the  code 
with  a  few  tweaks  it  becomes 
almost  impossible  to  track." 

It’s  a  key  issue,  experts  say  be¬ 
cause  patching  software  is  be¬ 
coming  a  process  that  requires 
automated  tools  and  explicit  cor¬ 
porate  policy 

In  the  SendMail  case,  the  patch 
updated  three  files,  but  if  any  of 
those  files  had  been  previously 
modified  in  a  particular  user’s 
version  of  the  software,  the  patch 
might  not  have  worked  right, 
SendMail’s  Allman  says. 

For  instance, Sun  has  extensions 
to  the  SendMail  code  that  are  spe¬ 
cific  to  its  implementation. 

“None  of  the  extensions 
touched  the  files  that  were 
affected,  but  they  did  have  to 
look  at  this  a  bit  more  carefully” 
he  says. 

The  issue  is  not  lost  on  corpo¬ 
rate  users  who  have  adopted 
open  source  software. 

The  CTO  of  a  well-known  online 
e-commerce  site  says  his  site 
rarely  makes  any  modification  to 
open  source  code  beyond  con¬ 
figuration  files. 


“If  we  do  make  changes  we  do 
it  for  the  long  term  and  we  don’t 
touch  that  code  again,”  says  the 
CTO.The  company  uses  two  open 
source  tools  to  help  with 
changes.  One  is  called  Patch, 
which  helps  incorporate  source 
code  changes  into  patches;  the 
other  is  CVF which  provides  a  re¬ 
vision  history  “But  we  try  to  stay 
away  from  modifications  and  ex¬ 
tensions  because  the  support  of 
those  can  become  a  real  head¬ 
ache,  a  real  nightmare.” 

Despite  the  differences,  the  real 
corporate  problems  today  with 
patching  vulnerable  software  is 
that  it  often  doesn’t  get  done. 

That  was  evidenced  in  the  re¬ 
cent  Slammer  attack  on  a  hole  in 
Microsoft’s  SQL  Server  for  which 
there  was  a  known  patch. 

The  open  source  world  isn’t 
any  better  —  a  study  last  year  by 
consulting  firm  RTFM  after  the 
OpenSSL  bug  hit  showed  that 
more  than  three  weeks  after  the 
vulnerability  was  discovered 
60%  of  servers  in  a  test  group 
probed  randomly  on  the  Internet 
still  had  not  been  patched.  In 
addition,  three  weeks  after  the 
Slapper  worm  exploited  the 
OpenSSL  remote  buffer  overflow 
the  pattern  of  unpatched  servers 
was  similar. 

“It  really  comes  down  to  your 
processes  [for  remediation]," 
says  Dan  Agronow,  vice  presi¬ 
dent  of  technology  for  Weather, 
com,  which  has  converted  to 
nearly  a  complete  open  source 
infrastructure  over  the  past 
two  years. 

“If  you  have  the  processes  in 
place  to  get  patches  and  get 
them  installed  you  can  be  suc¬ 
cessful  in  both  environments, 
he  says.”  ■ 
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Why  aren't  you  migrating  to  Linux? 


w 


ow.  Did  you  see  the  recent 
Business  Week  story  titled 
“The  Linux  Uprising”?  You 
can  read  it  online  at  www.nwfusion. 
com,  DocFinder:  4661 . 

I’m  not  pointing  it  out  because  it’s 
good  (it  was  pretty  poor),  but  because  of  what  it  rep¬ 
resents  —  the  leading  edge  of  a  forthcoming  wave 
of  popular  press  stories  focusing  on  Linux. 

The  story  is  poor  because  it  used  “pop”  descrip¬ 
tions  with  wild  abandon  —  for  example,  its  sub- 
heading:“How  a  ragtag  band  of  software  geeks  is 
threatening  Sun  and  Microsoft  —  and  turning  the 
computer  world  upside  down.”  Right. 

This  spin  is  disingenuous.The  people  working  on 
Linux  and  all  the  other  related  open  source  projects 
are  not  “a  ragtag  band” —  they  are  skilled,  intelligent 
people  with  a  commitment  to  creating  something 
that  could  have  profound  value  and  meaning  to  the 
computer  world. That  is  something  to  admire  and 
applaud,  not  wrap  up  in  a  glib  sound  bite  for  the 
great  unwashed. 

Yet  at  the  core  of  this  hype  is  a  real  story:  Linux  is 
gaining  ever  more  momentum  to  the  extent  that 
even  non-IT  people  are  becoming  aware  of  its 
impact  and  importance. 

Now  some  of  you  might  be  muttering, “More 
momentum!  Linux  is  already  a  behemoth.”While 


you  are  right  in  many  ways,  the  current  surge  in  pop¬ 
ular  awareness  of  the  operating  system  will  be  a  sig¬ 
nificant  boost  to  the  acceptability  of  Linux  in  the 
corporate  world. 

If  you’d  told  your  shareholders  a  few  years  ago  you 
were  jettisoning,  say  Windows  in  favor  of  Linux  on 
your  servers, you  might  have  had  a  rough  time 
defending  the  move.  Now  you  might  just  get  some 
grumbling  (unless  your  shareholders  also  have  a  lot 
of  Microsoft  in  their  portfolios). 

What  I’m  wondering  is  what  it  will  take  to  get  you 
—  yes, you  reading  this  column  —  to  accelerate  the 
shift  to  Linux?  I  ask  because  I  hear  endless  griping 
about  Microsoft’s  poor  coding,  high  price,  weak  secu¬ 
rity,  poor  support  and  bad  attitude,  but  I  don’t  see 
people  migrating  en  masse. 

Is  it  because  Linux  is  that  much  harder  to  use  in 
the  real  world  than  Windows?  Or  so  you’ve  been 
told?  The  fact  is  that  on  the  desktop  Linux  has  some 
way  to  go  to  be  really  user  friendly,  but  in  the  data¬ 
center  there’s  no  arguing  with  the  facts  —  Linux  is 
easier  to  deploy  and  manage. 

The  truth  is  that  Linux  is  more  than  ready  for  the 
big  time.  Just  look  at  the  millions  of  dollars  IBM  has 
put  into  Linux  development.  As  far  as  1  can  deter¬ 
mine  you  now  can  run  Linux  on  every  IBM  platform. 
Linux  is  even  available  for  the  company’s 
latest  eServer  zSeries  mainframes. 


Of  course  not  everyone  is  so  gung-ho  about  Linux. 
But  this  is  not,  in  the  majority  of  cases,  for  technical 
reasons  —  oh  no,  it  is  for  (you  guessed  it)  marketing 
purposes. 

The  thing  about  Linux  that  disturbs  Microsoft,  for 
example,  is  its  business  model  relies  on  the  market 
mechanics  it  has  created  and  driven  over  the  years. 
Obviously  a  move  to  Linux  will  change  all  that.  But 
Microsoft  has  demonstrated  that  when  a  market 
force  appears  that  it  can’t  stop  it  will  turn  on  a  dime 
and  try  to  embrace  and  own  it.  Watch  Microsoft  try 
to  do  that  with  Linux  over  the  next  few  years. 

Anyway  along  with  many  other  pundits  I’m  bank¬ 
ing  on  Linux  dominating  the  server  market  within  a 
very  short  period  and  eventually  (within  a  few 
years)  we’ll  see  a  workable  Linux  desktop  solution. 

So  the  most  important  question  I  have  for  you  is, 
why  aren’t  you  moving  your  servers  to  Linux?  What’s 
holding  you  back?  It  can’t  be  cost.so  is  it  a  fear  of 
the  unknown?  Or  is  it  just  easier  to  stick  with 
Windows?  Are  you  so  paralyzed  by  years  and  years 
of  soaking  up  the  Microsoft  marketing  messages  that 
defection  to  the  competition  no  matter  how  inex¬ 
pensive  is  unthinkable? 

Come  on,  tell  me  what  kind  of  rough-and-ready  IT 
person  you  are  (or  should  that  be  sensitive  and  deli¬ 
cate?).  Inside  scoops  to  backspin@gibbs.com. 
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By  Paul  McNamara 

Need  a  shovel  for  your  e-mail? 

Caelo  Software  is  a  tiny  speck  of  a  company  loc¬ 
ated  in  a  tiny  speck  of  a  Canadian  town. 

Caelo's  product —  Nelson  Email  Organizer  (NEO) 
—  is  said  to  save  huge  amounts  of  time  for  Microsoft 
Outlook  users  who  find  themselves  facing  enormous 
mounds  of  messages  every  day. 

Two  truths  are  evident  in  the  growing  popularity  of 
NEO  and  the  more  recent  emergence  of  competing  products  such  as  Bloomba  by 
Stata  Labs  and  IntelliMail  by  Open  Field  Software:  E-mail  overload  has  moved 
beyond  being  an  annoyance  for  power  users  to  where  it’s  now  getting  on  the  nerves 
of  ordinary  office  workers. 

And  the  major  e-mail  vendors  —  Microsoft,  in  particular  —  are  not  doing  enough 

to  help. 

Tom  Gibson,  a  Caelo  founder  and  vice  president  of  product  development,  claims 
NEO  users  report  carving  “two  or  three  hours  a  day"  off  their  e-mail  processing  time. 

That  sounds  like  an  exaggeration,  but  NEO  does  receive  glowing  reviews  from 
technology  journalists,  who  are  a  notoriously  ornery  bunch  when  it  comes  to  prod¬ 
ucts  they  actually  use. 

"There  are  two  reasons  why  there  is  an  e-mail  overload  problem,"  Gibson  says. 
“The  biggest  is  poor  e-mail  practices  by  users." 

That  might  smack  of  blaming  the  victim,  but  it  rings  true  given  the  amount  of 
utterly  useless  junk  that  lands  in  my  in-box  every  hour  from  friends,  co-workers,  and 
the  worst  offenders  —  clueless  public  relations  professionals  who  won’t  take  the 
time  to  aim  their  pitches  at  only  appropriate  targets. 

“The  second  problem  is  that  there  are  inadequate  tools,"  Gibson  says.  "The  tools 
that  are  out  there  don't  really  match  how  people  deal  with  their  e-mail _ Search  is 


so  slow  that  it's  not  viable  in  Outlook." 

NEO  helps  by  creating  easily  searchable  links  to  individual  messages  that  are 
automatically  sorted  into  multiple  views  that  product  fans  say  work  better  than  the 
familiar  folders  of  Outlook.  While  NEO  is  targeted  at  the  small  office/home  office 
market,  an  enterprise  version  is  slated  to  debut  later  this  year. 

Despite  the  rising  pain  of  ever-growing  e-mail  levels,  user  inertiaris  likely  to  remain 
the  most  daunting  challenge  facing  companies  such  as  Caelo. 

“It  doesn't  occur  to  people  that  there's  a  better  way  to  do  e-mail,"  Gibson  says. 

Stupidity  is  stranger  than  fiction 

Buzz  was  sitting  next  to  a  fellow  from  the  State  Department  at  lunch  recently 
when  the  topic  turned  to  spam,  and,  in  particular,  the  notorious  Nigerian  con  game 
that  still  reportedly  separates  the  gullible  from  their  bank  accounts.  I've  long  sus¬ 
pected  that  reports  of  this  scam  bilking  hundreds  of  victims  had  to  be  an  urban  leg¬ 
end  because,  well,  because  people  just  can't  be  that  stupid. 

You  can  add  that  to  the  list  of  things  I’ve  been  wrong  about. 

My  lunch  companion  says  it’s  not  unusual  for  U.S.  embassy  personnel  in  Nigeria  to 
receive  frantic  phone  calls  from  relatives  of  Americans  who  have  traveled  to  that 
country  to  claim  their  promised  rewards.  Only  when  embassy  workers  actually 
knock  on  the  dupe's  hotel  room  door  do  these  noodle-brains  finally  accept  that 
they're  about  to  be  victimized.  “The  look  of  realization  that  washes  over  their  face  is 
something  to  see,"  he  said. 

He  also  told  of  a  twist  to  the  scam  that  will  forever  disavow  me  of  any  notion  that 
there  is  a  limit  to  human  stupidity  or  greed. 

It  seems  the  spammers  are  telephoning  earlier  victims  of  the  scam  and  claiming  to 
be  from  the  Nigerian  government.  They  say  they  can  get  the  victim's  money  back  . . . 
for  a  fee  of  $1,000 _ Believe  it  or  not,  a  few  bite. 

You  say  that’s  not  all  I’m  wrong  about ?  The  address  is  buzz@nww.com. 


BUSINESS  THRIVES 
ON  EMAIL. 
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By  a  conservative  estimate,  over  80%  of  viruses  infect  corporate  networks  via  email." 

And  one  in  every  300  emails  contains  a  virus.1  Trend  Micro  “understands  this,  and  it's 
precisely  our  understanding  that  makes  us  the  market  leader  in  antivirus  at  the 
gateway.4  While  most  security  solutions  are  unable  to  anticipate  malicious  behavior, 

Trend  Micro's  security  policies  are  designed  to  quickly  identify  and  quarantine 
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suspicious  email — often  before  a  virus  signature  is  even  identified-  By  linking  over 

v.  v  . . .  ■/  .>  ■  . 

250  antivirus  experts  around  the  world  to  the  enterprise  via  Trend  Micro  Control 

••  <  •  "  . 

Manager,'  network  administrators  are  able  to  rapidly  deploy  messaging  security  strate-  .  ; 

gies  across  the  network.  Securing  the  gateway  is  the  first  step  of  an  overall  Trend  Micro 
Enterprise  Protection  Strategy  designed  to  keep  the  entire  — Al* — s-sev 
malicious  code.  For  more  information  about 


Security,  please  visit  trendmicro.com/products 


‘ICSA  Labs  6th  Annual  Computer  Virus  Prevalence  Survey  2000  (www.ICSA.net).  'The  Observer,  January  13,  2002  (www.observer. 
Trend  Micro  Incorporated.  All  rights  reserved.  Trend  Micro,  the  t-ball  logo  and  Control  Manager  are  trademarks  or  registered  trademarks 
names  may  be  trademarks  or  registered  trademarks  of  their  owners. 
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1]  WIN  WITH  PORTALS:  Here.  There.  Everywhere.  With  information 
coming  from  infinite  sources,  a  seamlessly  integrated  portal 

is  crucial  for  both  increased  productivity  and  reduced  costs. 

2]  WIN  WITH  WEBSPHERE:  WebSphere  offers  a  pre-integrated, 
easy-to-implement  portal  solution  complete  with  leading- 
edge  collaboration  from  Lotusf  content  management  from  DB2® 
and  the  best  in  security  capabilities  from  Tivoli.® 

3]  MAKE  THE  PLAY:  Visit  ibm.com/websphere/portalplay 
for  a  free  portal  kit  with  downloadable  demos  and  testimonials. 


@  business  is  the  game.  Play  to  win: 
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